Test ID:	1.3.6.1.4.1.25623.1.0.71569
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 201207-07 (keepalived)
Summary:	The remote host is missing updates announced in;advisory GLSA 201207-07.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 201207-07. Vulnerability Insight: Keepalived uses world-writable PID files, allowing a local attacker to kill arbitrary processes. Solution: All Keepalived users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=sys-cluster/keepalived-1.2.2-r3' CVSS Score: 3.6 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1784 44460 http://secunia.com/advisories/44460 47859 http://www.securityfocus.com/bid/47859 72380 http://www.osvdb.org/72380 [debian-security] 20110510 Re: World writable pid and lock files. http://lists.debian.org/debian-security/2011/05/msg00013.html [debian-security] 20110510 World writable pid and lock files. http://lists.debian.org/debian-security/2011/05/msg00012.html [debian-security] 20110511 Re: World writable pid and lock files. http://lists.debian.org/debian-security/2011/05/msg00018.html [oss-security] 20110510 CVE request: keepalived pid file permissions issue http://openwall.com/lists/oss-security/2011/05/10/5 [oss-security] 20110516 Re: CVE request: keepalived pid file permissions issue http://openwall.com/lists/oss-security/2011/05/16/7 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626281 https://bugzilla.redhat.com/show_bug.cgi?id=704039 keepalived-pid-dos(67477) https://exchange.xforce.ibmcloud.com/vulnerabilities/67477
Copyright	Copyright (C) 2012 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.