CVE-2008-4190
Published: Sep 24, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 34472 | third-party-advisory, x_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=460425 | x_refsource_CONFIRM |
| [oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire | mailing-list, x_refsource_MLIST |
| https://bugs.gentoo.org/show_bug.cgi?id=235770 | x_refsource_CONFIRM |
| 20090309 Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation | mailing-list, x_refsource_BUGTRAQ |
| 34182 | third-party-advisory, x_refsource_SECUNIA |
| 20090310 Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation | mailing-list, x_refsource_BUGTRAQ |
| oval:org.mitre.oval:def:10078 | vdb-entry, signature, x_refsource_OVAL |
| http://dev.gentoo.org/~rbu/security/debiantemp/openswan | x_refsource_CONFIRM |
| 31243 | vdb-entry, x_refsource_BID |
| 9135 | exploit, x_refsource_EXPLOIT-DB |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374 | x_refsource_CONFIRM |
| RHSA-2009:0402 | vendor-advisory, x_refsource_REDHAT |
| openswan-livetest-symlink(45250) | vdb-entry, x_refsource_XF |
| DSA-1760 | vendor-advisory, x_refsource_DEBIAN |