#VU45037 Permissions, Privileges, and Access Controls in Keepalived - CVE-2011-1784

Cybersecurity Help s.r.o.

Published: 2011-05-21 | Updated: 2020-08-11

Vulnerability identifier: #VU45037

Vulnerability risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-1784

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Keepalived
Server applications / Other server solutions

Vendor: Keepalived

Description

The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.

The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Keepalived: 0.2.1 - 1.2.1

External links
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626281
https://lists.debian.org/debian-security/2011/05/msg00012.html
https://lists.debian.org/debian-security/2011/05/msg00013.html
https://lists.debian.org/debian-security/2011/05/msg00018.html
https://openwall.com/lists/oss-security/2011/05/10/5
https://openwall.com/lists/oss-security/2011/05/16/7
https://secunia.com/advisories/44460
https://www.osvdb.org/72380
https://www.securityfocus.com/bid/47859
https://bugzilla.redhat.com/show_bug.cgi?id=704039
https://exchange.xforce.ibmcloud.com/vulnerabilities/67477

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for Keepalived

Permissions, Privileges, and Access Controls in Keepalived