Jsegitz

**Name of the Vulnerable Software and Affected Versions** keepalived version 2.0.8 **Description** The issue is related to the handling of temporary files when the `PrintData` or `PrintStats` functions are called. A local attacker could potentially exploit this by creating a file with a specific name, such as `/tmp/keepalived.data` or `/tmp/keepalived.stats`, with read access for the attacker and write access for the keepalived process. This could lead to the leakage of sensitive information. **Recommendations** For keepalived version 2.0.8, consider restricting access to the temporary files used by the `PrintData` and `PrintStats` functions to prevent potential information leakage. As a temporary workaround, avoid using the `PrintData` and `PrintStats` functions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** keepalived versions 2.0.8 **Description** The issue is related to the implementation of PrintData or PrintStats calls in the Keepalived network traffic balancing system, which is associated with incorrect link resolution before accessing a file. This could allow an attacker to overwrite arbitrary files. Local users can exploit this to overwrite files if fs.protected symlinks is set to 0, for example, by creating a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd. **Recommendations** For keepalived version 2.0.8, consider setting fs.protected symlinks to 1 to prevent exploitation, and avoid using symlinks in temporary file paths for PrintData or PrintStats calls until a patch is available.

**Name of the Vulnerable Software and Affected Versions** keepalived version 2.0.8 **Description** The issue is related to the implementation of `PrintData` or `PrintStats` calls in the Keepalived network traffic balancing system. It is associated with a lack of protection for service data when using mode 0666, potentially allowing a remote attacker to access sensitive information. **Recommendations** For keepalived version 2.0.8, consider changing the mode used when creating new temporary files to a more secure setting to prevent potential information leakage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.