PT-2021-7761 · Unknown+9 · Keepalived+9

Carnil

Published

2021-11-26

Updated

2024-06-15

CVE-2021-44225

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Keepalived versions 2.2.4 and earlier

Description The issue is related to insufficient restrictions in the D-Bus policy, allowing any user to inspect and manipulate properties. This can lead to access-control bypass in certain situations where an unrelated D-Bus system service has a settable property. The vulnerability can be exploited by a remote attacker to access confidential data and compromise its integrity.

Recommendations For Keepalived versions 2.2.4 and earlier, consider restricting access to the D-Bus system service to minimize the risk of exploitation. As a temporary workaround, limit the ability of users to inspect and manipulate properties until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALSA-2022:1930

ALT-PU-2022-3262

ALT-PU-2023-1950

AZL-6508

BDU:2023-02653

CESA-2022_1930

CVE-2021-44225

DLA-3388-1

MGASA-2021-0567

OESA-2021-1477

OPENSUSE-SU-2022_2923-1

OPENSUSE-SU-2022_3232-1

OPENSUSE-SU-2024:11888-1

RHSA-2022:1930

RHSA-2022_1930

RLSA-2022:1930

SUSE-SU-2022:2923-1

SUSE-SU-2022:3232-1

SUSE-SU-2022:3234-1

SUSE-SU-2022:3235-1

SUSE-SU-2022_2923-1

SUSE-SU-2022_3232-1

USN-5188-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Keepalived

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2021-7761 · Unknown+9 · Keepalived+9

CVE-2021-44225

Weakness Enumeration

Related Identifiers

Affected Products

References · 51