CVE-2011-1784

low
Published 2011-05-20 · Modified 2026-04-29
CVSS v3
—
CVSS v4 NEW
—
not yet in upstream
VIR risk
3.6

Description

The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files.
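
A defender-side check for the condition described above, as an added example that is not part of the original entry or of keepalived: it reports which of the three named pid files are writable by group or others. The function name audit_pidfiles and its optional directory argument are hypothetical; the file names and the /var/run default come from the description.

```shell
#!/bin/sh
# Added example: audit the pid files named in CVE-2011-1784 for
# group/other write access. audit_pidfiles is a hypothetical helper name.

PIDFILES="keepalived.pid checkers.pid vrrp.pid"

# Usage: audit_pidfiles [directory]   (directory defaults to /var/run)
# Prints one line per pid file that non-owners can write to.
# Returns 1 if at least one such file exists, 0 otherwise.
audit_pidfiles() {
    dir=${1:-/var/run}
    rc=0
    for name in $PIDFILES; do
        f="$dir/$name"
        # Skip files that are absent (daemon not running or not installed).
        [ -f "$f" ] || continue
        # -perm -020 matches the group-write bit, -perm -002 the other-write bit.
        hit=$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)
        if [ -n "$hit" ]; then
            echo "WRITABLE BY NON-OWNER: $(ls -l "$f")"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone run: audit the given directory, or /var/run when none is given.
audit_pidfiles "$@" || echo "one or more keepalived pid files are writable by non-owners"
```

A non-zero result on a host running keepalived 1.2.2 or earlier matches the 0666 mode in the description; the Debian table below lists the fixed package version.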

Predictions

Exploit likelihood
20%
Patch ETA
—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.


OS impact

Debian: Fixed (5 releases)

Version    Status   Fixed in
trixie     Fixed    1:1.2.2-2
sid        Fixed    1:1.2.2-2
forky      Fixed    1:1.2.2-2
bullseye   Fixed    1:1.2.2-2
bookworm   Fixed    1:1.2.2-2

Application impact

Vendor       Product      Versions                     Fixed
keepalived   keepalived   up to and including 1.2.2
keepalived   keepalived   0.2.1
keepalived   keepalived   0.2.3
keepalived   keepalived   0.2.6
keepalived   keepalived   0.2.7
keepalived   keepalived   0.3.5
keepalived   keepalived   0.3.6
keepalived   keepalived   0.3.7
keepalived   keepalived   0.3.8
keepalived   keepalived   0.4.8
keepalived   keepalived   0.4.9
keepalived   keepalived   0.4.9a
keepalived   keepalived   0.5.3
keepalived   keepalived   0.5.5
keepalived   keepalived   0.5.6
keepalived   keepalived   0.5.7
keepalived   keepalived   0.5.8
keepalived   keepalived   0.5.9
keepalived   keepalived   0.6.1
keepalived   keepalived   0.6.2
keepalived   keepalived   0.6.3
keepalived   keepalived   0.6.4
keepalived   keepalived   0.6.5
keepalived   keepalived   0.6.6
keepalived   keepalived   0.6.7
keepalived   keepalived   0.6.8
keepalived   keepalived   0.6.9
keepalived   keepalived   0.6.10
keepalived   keepalived   0.7.1
keepalived   keepalived   0.7.6
keepalived   keepalived   1.0.0
keepalived   keepalived   1.0.1
keepalived   keepalived   1.0.2
keepalived   keepalived   1.0.3
keepalived   keepalived   1.1.0
keepalived   keepalived   1.1.1
keepalived   keepalived   1.1.2
keepalived   keepalived   1.1.3
keepalived   keepalived   1.1.4
keepalived   keepalived   1.1.5
keepalived   keepalived   1.1.6
keepalived   keepalived   1.1.7
keepalived   keepalived   1.1.8
keepalived   keepalived   1.1.9
keepalived   keepalived   1.1.10
keepalived   keepalived   1.1.11
keepalived   keepalived   1.1.12
keepalived   keepalived   1.1.13
keepalived   keepalived   1.1.14
keepalived   keepalived   1.1.15
keepalived   keepalived   1.1.16
keepalived   keepalived   1.1.17
keepalived   keepalived   1.1.18
keepalived   keepalived   1.1.19
keepalived   keepalived   1.1.20
keepalived   keepalived   1.2.0
keepalived   keepalived   1.2.1

References

CWEs

CWE-264
