Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 3.6
CVE Id: CVE-2011-1784
Last Modified: 24 May 2011 12:00:00
Published: 20 May 2011 06:55:04
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2011-1784

Summary

The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files.

Vulnerable Systems

Application

  • Keepalived 0.2.1

  • Keepalived 0.2.3

  • Keepalived 0.2.6

  • Keepalived 0.2.7

  • Keepalived 0.3.5

  • Keepalived 0.3.6

  • Keepalived 0.3.7

  • Keepalived 0.3.8

  • Keepalived 0.4.8

  • Keepalived 0.4.9

  • Keepalived 0.4.9a

  • Keepalived 0.5.3

  • Keepalived 0.5.5

  • Keepalived 0.5.6

  • Keepalived 0.5.7

  • Keepalived 0.5.8

  • Keepalived 0.5.9

  • Keepalived 0.6.1

  • Keepalived 0.6.10

  • Keepalived 0.6.2

  • Keepalived 0.6.3

  • Keepalived 0.6.4

  • Keepalived 0.6.5

  • Keepalived 0.6.6

  • Keepalived 0.6.7

  • Keepalived 0.6.8

  • Keepalived 0.6.9

  • Keepalived 0.7.1

  • Keepalived 0.7.6

  • Keepalived 1.0.0

  • Keepalived 1.0.1

  • Keepalived 1.0.2

  • Keepalived 1.0.3

  • Keepalived 1.1.0

  • Keepalived 1.1.1

  • Keepalived 1.1.10

  • Keepalived 1.1.11

  • Keepalived 1.1.12

  • Keepalived 1.1.13

  • Keepalived 1.1.14

  • Keepalived 1.1.15

  • Keepalived 1.1.16

  • Keepalived 1.1.17

  • Keepalived 1.1.18

  • Keepalived 1.1.19

  • Keepalived 1.1.2

  • Keepalived 1.1.20

  • Keepalived 1.1.3

  • Keepalived 1.1.4

  • Keepalived 1.1.5

  • Keepalived 1.1.6

  • Keepalived 1.1.7

  • Keepalived 1.1.8

  • Keepalived 1.1.9

  • Keepalived 1.2.0

  • Keepalived 1.2.1

  • Keepalived 1.2.2


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=704039

XF - keepalived-pid-dos(67477)

BID - 47859

OSVDB - 72380

SECUNIA - 44460

MLIST - [oss-security] 20110516 Re: CVE request: keepalived pid file permissions issue

MLIST - [oss-security] 20110510 CVE request: keepalived pid file permissions issue

MLIST - [debian-security] 20110511 Re: World writable pid and lock files.

MLIST - [debian-security] 20110510 Re: World writable pid and lock files.

MLIST - [debian-security] 20110510 World writable pid and lock files.

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626281


Last Updated: 27 May 2016 10:56:47