3.6

CVE-2011-1784

The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KeepalivedKeepalived Version <= 1.2.2
KeepalivedKeepalived Version0.2.1
KeepalivedKeepalived Version0.2.3
KeepalivedKeepalived Version0.2.6
KeepalivedKeepalived Version0.2.7
KeepalivedKeepalived Version0.3.5
KeepalivedKeepalived Version0.3.6
KeepalivedKeepalived Version0.3.7
KeepalivedKeepalived Version0.3.8
KeepalivedKeepalived Version0.4.8
KeepalivedKeepalived Version0.4.9
KeepalivedKeepalived Version0.4.9a
KeepalivedKeepalived Version0.5.3
KeepalivedKeepalived Version0.5.5
KeepalivedKeepalived Version0.5.6
KeepalivedKeepalived Version0.5.7
KeepalivedKeepalived Version0.5.8
KeepalivedKeepalived Version0.5.9
KeepalivedKeepalived Version0.6.1
KeepalivedKeepalived Version0.6.2
KeepalivedKeepalived Version0.6.3
KeepalivedKeepalived Version0.6.4
KeepalivedKeepalived Version0.6.5
KeepalivedKeepalived Version0.6.6
KeepalivedKeepalived Version0.6.7
KeepalivedKeepalived Version0.6.8
KeepalivedKeepalived Version0.6.9
KeepalivedKeepalived Version0.6.10
KeepalivedKeepalived Version0.7.1
KeepalivedKeepalived Version0.7.6
KeepalivedKeepalived Version1.0.0
KeepalivedKeepalived Version1.0.1
KeepalivedKeepalived Version1.0.2
KeepalivedKeepalived Version1.0.3
KeepalivedKeepalived Version1.1.0
KeepalivedKeepalived Version1.1.1
KeepalivedKeepalived Version1.1.2
KeepalivedKeepalived Version1.1.3
KeepalivedKeepalived Version1.1.4
KeepalivedKeepalived Version1.1.5
KeepalivedKeepalived Version1.1.6
KeepalivedKeepalived Version1.1.7
KeepalivedKeepalived Version1.1.8
KeepalivedKeepalived Version1.1.9
KeepalivedKeepalived Version1.1.10
KeepalivedKeepalived Version1.1.11
KeepalivedKeepalived Version1.1.12
KeepalivedKeepalived Version1.1.13
KeepalivedKeepalived Version1.1.14
KeepalivedKeepalived Version1.1.15
KeepalivedKeepalived Version1.1.16
KeepalivedKeepalived Version1.1.17
KeepalivedKeepalived Version1.1.18
KeepalivedKeepalived Version1.1.19
KeepalivedKeepalived Version1.1.20
KeepalivedKeepalived Version1.2.0
KeepalivedKeepalived Version1.2.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.37% 0.283
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.6 3.9 4.9
AV:L/AC:L/Au:N/C:N/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626281
http://lists.debian.org/debian-security/2011/05/msg00012.html
http://lists.debian.org/debian-security/2011/05/msg00013.html
http://lists.debian.org/debian-security/2011/05/msg00018.html
http://openwall.com/lists/oss-security/2011/05/10/5
http://openwall.com/lists/oss-security/2011/05/16/7
http://secunia.com/advisories/44460
Vendor Advisory
http://www.osvdb.org/72380
http://www.securityfocus.com/bid/47859
https://bugzilla.redhat.com/show_bug.cgi?id=704039
https://exchange.xforce.ibmcloud.com/vulnerabilities/67477