Download
| Alert*
oval:org.secpod.oval:def:1801278
CVE-2018-19044: kkeepalived before version 2.0.9 didn"t check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/k ... oval:org.secpod.oval:def:1900100 keepalived 2.0.8 didn"t check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name , with read access for the attacker and write access for the keepalived process, then this pot ... oval:org.secpod.oval:def:115628 Keepalived provides simple and robust facilities for load balancing and high availability to Linux system and Linux based infrastructures. The load balancing framework relies on well-known and widely used Linux Virtual Server kernel module providing Layer4 load balancing. Keepalived implements a se ... oval:org.secpod.oval:def:2001076 keepalived 2.0.8 didn"t check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name , with read access for the attacker and write access for the keepalived process, then this pot ... |