 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.1.10.2018.0494 |
| Kategorie: | Mageia Linux Local Security Checks |
| Titel: | Mageia: Security Advisory (MGASA-2018-0494) |
| Zusammenfassung: | The remote host is missing an update for the 'keepalived' package(s) announced via the MGASA-2018-0494 advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'keepalived' package(s) announced via the MGASA-2018-0494 advisory. Vulnerability Insight: keepalived before version 2.0.9 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd (CVE-2018-19044). keepalived before version 2.0.9 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information (CVE-2018-19045). keepalived before version 2.0.10 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information (CVE-2018-19046). keepalived before version 2.0.9 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap (CVE-2018-19115). Affected Software/OS: 'keepalived' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-19044 https://security.gentoo.org/glsa/201903-01 https://bugzilla.suse.com/show_bug.cgi?id=1015141 https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306 https://github.com/acassen/keepalived/issues/1048 RedHat Security Advisories: RHSA-2019:2285 https://access.redhat.com/errata/RHSA-2019:2285 Common Vulnerability Exposure (CVE) ID: CVE-2018-19045 https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6 https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067 Common Vulnerability Exposure (CVE) ID: CVE-2018-19046 Common Vulnerability Exposure (CVE) ID: CVE-2018-19115 https://github.com/acassen/keepalived/pull/961 https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9 https://lists.debian.org/debian-lts-announce/2018/11/msg00034.html RedHat Security Advisories: RHSA-2019:0022 https://access.redhat.com/errata/RHSA-2019:0022 RedHat Security Advisories: RHSA-2019:1792 https://access.redhat.com/errata/RHSA-2019:1792 RedHat Security Advisories: RHSA-2019:1945 https://access.redhat.com/errata/RHSA-2019:1945 https://usn.ubuntu.com/3995-1/ https://usn.ubuntu.com/3995-2/ |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |