Test ID: | 1.3.6.1.4.1.25623.1.1.10.2018.0494 |
Category: | Mageia Linux Local Security Checks |
Title: | Mageia: Security Advisory (MGASA-2018-0494) |
Summary: | The remote host is missing an update for the 'keepalived' package(s) announced via the MGASA-2018-0494 advisory. |
Description: |
Summary: The remote host is missing an update for the 'keepalived' package(s) announced via the MGASA-2018-0494 advisory.

Vulnerability Insight:

keepalived before version 2.0.9 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd (CVE-2018-19044).

keepalived before version 2.0.9 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information (CVE-2018-19045).

keepalived before version 2.0.10 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information (CVE-2018-19046).

keepalived before version 2.0.9 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap (CVE-2018-19115).

Affected Software/OS: 'keepalived' package(s) on Mageia 6.

Solution: Please install the updated package(s).

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-19044
https://security.gentoo.org/glsa/201903-01
https://bugzilla.suse.com/show_bug.cgi?id=1015141
https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306
https://github.com/acassen/keepalived/issues/1048
RedHat Security Advisories: RHSA-2019:2285
https://access.redhat.com/errata/RHSA-2019:2285

Common Vulnerability Exposure (CVE) ID: CVE-2018-19045
https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6
https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067

Common Vulnerability Exposure (CVE) ID: CVE-2018-19046

Common Vulnerability Exposure (CVE) ID: CVE-2018-19115
https://github.com/acassen/keepalived/pull/961
https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9
https://lists.debian.org/debian-lts-announce/2018/11/msg00034.html
RedHat Security Advisories: RHSA-2019:0022
https://access.redhat.com/errata/RHSA-2019:0022
RedHat Security Advisories: RHSA-2019:1792
https://access.redhat.com/errata/RHSA-2019:1792
RedHat Security Advisories: RHSA-2019:1945
https://access.redhat.com/errata/RHSA-2019:1945
https://usn.ubuntu.com/3995-1/
https://usn.ubuntu.com/3995-2/ |
Copyright | Copyright (C) 2022 Greenbone AG |