ALT-PU-2022-3262-1
Package keepalived updated to version 2.2.7-alt1 for branch sisyphus in task 311041.
Closed vulnerabilities
Published: 2021-11-26
BDU:2023-02653
Уязвимость системы балансировки сетевого трафика Keepalived, связанная с недостатками разграничения доступа, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность
Severity: MEDIUM (5.4)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
References:
Published: 2021-11-26
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-44225
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property
Severity: MEDIUM (5.4)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
References:
- https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d
- https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d
- https://github.com/acassen/keepalived/pull/2063
- https://github.com/acassen/keepalived/pull/2063
- [debian-lts-announce] 20230410 [SECURITY] [DLA 3388-1] keepalived security update
- [debian-lts-announce] 20230410 [SECURITY] [DLA 3388-1] keepalived security update
- FEDORA-2021-0cda131052
- FEDORA-2021-0cda131052
- FEDORA-2021-255eff1bb5
- FEDORA-2021-255eff1bb5