Keepalived Symlink Pathnames Arbitrary File Overwrite Vulnerability



A vulnerability in Keepalived could allow a local attacker to overwrite arbitrary files on a targeted system.

The vulnerability is due to improper permissions checks for pathnames with symbolic links (symlinks) when a PrintData or PrintStats call is invoked and fs.protected_symlinks is set to 0. An attacker could exploit this vulnerability by accessing an affected system and creating a new temporary file to be used as a symbolic link, then making a PrintData or PrintStats call that submits malicious input to the system. A successful exploit could allow the attacker to access sensitive information or cause a denial of service (DoS) condition by overwriting arbitrary files, such as the /etc/passwd file.
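
The bug class described above, shown as an added C example that is not Keepalived's code and does not come from the advisory: a writer that opens its output path with fopen() follows a planted symlink, while one that opens with O_NOFOLLOW and verifies the descriptor does not. The function names, the /tmp/symlink-demo-XXXXXX directory and the file contents are constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, mkdtemp, symlink */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Not Keepalived code. Unsafe pattern: fopen() follows a final-component symlink. */
static int write_dump_unsafe(const char *path, const char *data) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(data, f);
    return fclose(f) == 0 ? 0 : -1;
}

/* Hardened pattern: O_NOFOLLOW rejects a symlink (ELOOP); fstat() confirms a
 * regular, singly linked file before anything is truncated or written. */
static int write_dump_safe(const char *path, const char *data) {
    struct stat st;
    size_t len = strlen(data);
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_nlink == 1 &&
             ftruncate(fd, 0) == 0 && write(fd, data, len) == (ssize_t)len;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Constructed scenario in a private temp dir: "dump" is a symlink to "victim".
 * Returns 1 if the victim's content changed, 0 if it survived, -1 on error. */
static int victim_overwritten(int (*writer)(const char *, const char *)) {
    char dir[] = "/tmp/symlink-demo-XXXXXX", victim[64], dump[64], buf[16] = "";
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(dump, sizeof dump, "%s/dump", dir);
    if (write_dump_unsafe(victim, "original") != 0 || symlink(victim, dump) != 0)
        return -1;
    writer(dump, "dump output");
    FILE *f = fopen(victim, "r");
    if (!f || !fgets(buf, sizeof buf, f)) return -1;
    fclose(f);
    unlink(dump); unlink(victim); rmdir(dir);
    return strcmp(buf, "original") != 0;
}

int main(void) {
    printf("fopen: overwritten=%d, O_NOFOLLOW: overwritten=%d\n",
           victim_overwritten(write_dump_unsafe), victim_overwritten(write_dump_safe));
    return 0;
}
```

The demo directory is created by mkdtemp() and is not sticky or world-writable, so the result does not depend on the host's fs.protected_symlinks value.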

Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.

Keepalived.org has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2018-19044

Source: Cisco Multivendor Vulnerability Alerts