The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Keepalived | Keepalived | * | 1.2.2 (including) |
| Keepalived | Keepalived | 0.2.1 (including) | 0.2.1 (including) |
| Keepalived | Keepalived | 0.2.3 (including) | 0.2.3 (including) |
| Keepalived | Keepalived | 0.2.6 (including) | 0.2.6 (including) |
| Keepalived | Keepalived | 0.2.7 (including) | 0.2.7 (including) |
| Keepalived | Keepalived | 0.3.5 (including) | 0.3.5 (including) |
| Keepalived | Keepalived | 0.3.6 (including) | 0.3.6 (including) |
| Keepalived | Keepalived | 0.3.7 (including) | 0.3.7 (including) |
| Keepalived | Keepalived | 0.3.8 (including) | 0.3.8 (including) |
| Keepalived | Keepalived | 0.4.8 (including) | 0.4.8 (including) |
| Keepalived | Keepalived | 0.4.9 (including) | 0.4.9 (including) |
| Keepalived | Keepalived | 0.4.9a (including) | 0.4.9a (including) |
| Keepalived | Keepalived | 0.5.3 (including) | 0.5.3 (including) |
| Keepalived | Keepalived | 0.5.5 (including) | 0.5.5 (including) |
| Keepalived | Keepalived | 0.5.6 (including) | 0.5.6 (including) |
| Keepalived | Keepalived | 0.5.7 (including) | 0.5.7 (including) |
| Keepalived | Keepalived | 0.5.8 (including) | 0.5.8 (including) |
| Keepalived | Keepalived | 0.5.9 (including) | 0.5.9 (including) |
| Keepalived | Keepalived | 0.6.1 (including) | 0.6.1 (including) |
| Keepalived | Keepalived | 0.6.2 (including) | 0.6.2 (including) |
| Keepalived | Keepalived | 0.6.3 (including) | 0.6.3 (including) |
| Keepalived | Keepalived | 0.6.4 (including) | 0.6.4 (including) |
| Keepalived | Keepalived | 0.6.5 (including) | 0.6.5 (including) |
| Keepalived | Keepalived | 0.6.6 (including) | 0.6.6 (including) |
| Keepalived | Keepalived | 0.6.7 (including) | 0.6.7 (including) |
| Keepalived | Keepalived | 0.6.8 (including) | 0.6.8 (including) |
| Keepalived | Keepalived | 0.6.9 (including) | 0.6.9 (including) |
| Keepalived | Keepalived | 0.6.10 (including) | 0.6.10 (including) |
| Keepalived | Keepalived | 0.7.1 (including) | 0.7.1 (including) |
| Keepalived | Keepalived | 0.7.6 (including) | 0.7.6 (including) |
| Keepalived | Keepalived | 1.0.0 (including) | 1.0.0 (including) |
| Keepalived | Keepalived | 1.0.1 (including) | 1.0.1 (including) |
| Keepalived | Keepalived | 1.0.2 (including) | 1.0.2 (including) |
| Keepalived | Keepalived | 1.0.3 (including) | 1.0.3 (including) |
| Keepalived | Keepalived | 1.1.0 (including) | 1.1.0 (including) |
| Keepalived | Keepalived | 1.1.1 (including) | 1.1.1 (including) |
| Keepalived | Keepalived | 1.1.2 (including) | 1.1.2 (including) |
| Keepalived | Keepalived | 1.1.3 (including) | 1.1.3 (including) |
| Keepalived | Keepalived | 1.1.4 (including) | 1.1.4 (including) |
| Keepalived | Keepalived | 1.1.5 (including) | 1.1.5 (including) |
| Keepalived | Keepalived | 1.1.6 (including) | 1.1.6 (including) |
| Keepalived | Keepalived | 1.1.7 (including) | 1.1.7 (including) |
| Keepalived | Keepalived | 1.1.8 (including) | 1.1.8 (including) |
| Keepalived | Keepalived | 1.1.9 (including) | 1.1.9 (including) |
| Keepalived | Keepalived | 1.1.10 (including) | 1.1.10 (including) |
| Keepalived | Keepalived | 1.1.11 (including) | 1.1.11 (including) |
| Keepalived | Keepalived | 1.1.12 (including) | 1.1.12 (including) |
| Keepalived | Keepalived | 1.1.13 (including) | 1.1.13 (including) |
| Keepalived | Keepalived | 1.1.14 (including) | 1.1.14 (including) |
| Keepalived | Keepalived | 1.1.15 (including) | 1.1.15 (including) |
| Keepalived | Keepalived | 1.1.16 (including) | 1.1.16 (including) |
| Keepalived | Keepalived | 1.1.17 (including) | 1.1.17 (including) |
| Keepalived | Keepalived | 1.1.18 (including) | 1.1.18 (including) |
| Keepalived | Keepalived | 1.1.19 (including) | 1.1.19 (including) |
| Keepalived | Keepalived | 1.1.20 (including) | 1.1.20 (including) |
| Keepalived | Keepalived | 1.2.0 (including) | 1.2.0 (including) |
| Keepalived | Keepalived | 1.2.1 (including) | 1.2.1 (including) |
| Keepalived | Ubuntu | artful | * |
| Keepalived | Ubuntu | dapper | * |
| Keepalived | Ubuntu | hardy | * |
| Keepalived | Ubuntu | lucid | * |
| Keepalived | Ubuntu | maverick | * |
| Keepalived | Ubuntu | natty | * |
| Keepalived | Ubuntu | oneiric | * |
| Keepalived | Ubuntu | precise | * |
| Keepalived | Ubuntu | quantal | * |
| Keepalived | Ubuntu | raring | * |
| Keepalived | Ubuntu | saucy | * |
| Keepalived | Ubuntu | upstream | * |
| Keepalived | Ubuntu | utopic | * |
| Keepalived | Ubuntu | vivid | * |
| Keepalived | Ubuntu | wily | * |
| Keepalived | Ubuntu | yakkety | * |
| Keepalived | Ubuntu | zesty | * |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626281
- http://lists.debian.org/debian-security/2011/05/msg00012.html
- http://lists.debian.org/debian-security/2011/05/msg00013.html
- http://lists.debian.org/debian-security/2011/05/msg00018.html
- http://openwall.com/lists/oss-security/2011/05/10/5
- http://openwall.com/lists/oss-security/2011/05/16/7
- http://secunia.com/advisories/44460
- http://www.osvdb.org/72380
- http://www.securityfocus.com/bid/47859
- https://bugzilla.redhat.com/show_bug.cgi?id=704039
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67477
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626281
- http://lists.debian.org/debian-security/2011/05/msg00012.html
- http://lists.debian.org/debian-security/2011/05/msg00013.html
- http://lists.debian.org/debian-security/2011/05/msg00018.html
- http://openwall.com/lists/oss-security/2011/05/10/5
- http://openwall.com/lists/oss-security/2011/05/16/7
- http://secunia.com/advisories/44460
- http://www.osvdb.org/72380
- http://www.securityfocus.com/bid/47859
- https://bugzilla.redhat.com/show_bug.cgi?id=704039
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67477