Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 3.6
CVE Id CVE-2011-2147
Last Modified 06 Sep 2011 11:17:04
Published 20 May 2011 06:55:05
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-2147

Summary

Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly bypass disk quotas by writing arbitrary data to a file, as demonstrated by files with 0666 permissions, a different vulnerability than CVE-2011-1784.

Vulnerable Systems

Application

  • Openswan 2.2.0
  • Openswan 2.2.1

References

XF - openswan-pid-dos(67822)

MLIST - [debian-security] 20110510 Re: World writable pid and lock files.

MLIST - [debian-security] 20110510 World writable pid and lock files.


Last Updated: 27 May 2016 10:56:56