Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.4
CVE Id CVE-2008-4190
Last Modified 15 Nov 2010 12:00:00
Published 24 Sep 2008 07:42:25
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4190

Summary

The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.

Vulnerable Systems

Application

  • Openswan 1.0.4

  • Openswan 1.0.5

  • Openswan 1.0.6

  • Openswan 1.0.7

  • Openswan 1.0.8

  • Openswan 1.0.9

  • Openswan 2.1.1

  • Openswan 2.1.2

  • Openswan 2.1.4

  • Openswan 2.1.5

  • Openswan 2.1.6

  • Openswan 2.2

  • Openswan 2.3

  • Openswan 2.3.1

  • Openswan 2.4

  • Openswan 2.4.2

  • Openswan 2.4.4

  • Openswan 2.6.03

  • Openswan 2.6.04

  • Openswan 2.6.05

  • Openswan 2.6.06

  • Openswan 2.6.07

  • Openswan 2.6.08

  • Openswan 2.6.09

  • Openswan 2.6.10

  • Openswan 2.6.11

  • Openswan 2.6.12

  • Openswan 2.6.13

  • Openswan 2.6.14

  • Openswan 2.6.15

  • Openswan 2.6.16


References

BID - 31243

REDHAT - RHSA-2009:0402

DEBIAN - DSA-1760

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=460425

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=235770

XF - openswan-livetest-symlink(45250)

BUGTRAQ - 20090310 Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation

BUGTRAQ - 20090309 Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation

MLIST - [oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire

MILW0RM - 9135

SECUNIA - 34472

SECUNIA - 34182

CONFIRM - http://dev.gentoo.org/~rbu/security/debiantemp/openswan


Last Updated: 27 May 2016 10:48:24