CVE-2011-1784

Related Files

Mandriva Linux Security Advisory 2013-096

Posted Apr 11, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-096 - The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the checkers.pid, and vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files. A security issue due to syslog being used inside of sighandlers has also been fixed. Finally, keepalived was failing to load the ip_vs kernel module because of an incorrect modprobe option. This has also been corrected.

tags | advisory, arbitrary, kernel, local

systems | linux, mandriva

advisories | CVE-2011-1784

SHA-256 | f3cd472376eebff910246245a399722a96d596a772515aa4360494a1cf49a7a1

Download | Favorite | View

Gentoo Linux Security Advisory 201207-07

Posted Jul 10, 2012

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201207-7 - Keepalived uses world-writable PID files, allowing a local attacker to kill arbitrary processes. Versions less than 1.2.2-r3 are affected.

tags | advisory, arbitrary, local

systems | linux, gentoo

advisories | CVE-2011-1784

SHA-256 | f2d5ab163bea57e36eb2e3461b8c01c26c5adf484fffb286998715e8921fface

Download | Favorite | View