Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2147


Vulnerability Score 3.6 3.6
CVE Id CVE-2011-2147
Last Modified 06 Sep 2011 11:17:04
Published 20 May 2011 06:55:05
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE



Openswan 2.2.x does not properly restrict permissions for (1) /var/run/, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly bypass disk quotas by writing arbitrary data to a file, as demonstrated by files with 0666 permissions, a different vulnerability than CVE-2011-1784.

Vulnerable Systems


  • Openswan 2.2.0

  • Openswan 2.2.1


XF - openswan-pid-dos(67822)

MLIST - [debian-security] 20110510 Re: World writable pid and lock files.

MLIST - [debian-security] 20110510 World writable pid and lock files.

Last Updated: 27 May 2016 10:56:56