A vulnerability in Keepalived could allow a local attacker to overwrite arbitrary files on a targeted system.
The vulnerability is due to improper permissions checks for pathnames with symbolic links (symlinks) when a PrintData or PrintStats call is invoked and fs.protected_symlinks is set to 0. An attacker could exploit this vulnerability by accessing an affected system and creating a new temporary file to be used as a symbolic link, then making a PrintData or PrintStats call that submits malicious input to the system. A successful exploit could allow the attacker to access sensitive information or cause a denial of service (DoS) condition by overwriting arbitrary files, such as the /etc/passwd file.
Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.
Keepalived.org has confirmed the vulnerability and released software updates.
Security Impact Rating: Medium