CVE-2008-4190

Published: 24/09/2008 Updated: 29/07/2019
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
VMScore: 445
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The IPSEC livetest tool in Openswan 2.4.12 and previous versions, and 2.6.x up to and including 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.

Vulnerable Product

openswan openswan 1.0.9

openswan openswan 2.1.1

xelerance openswan 2.4.0

xelerance openswan 2.4.2

xelerance openswan 2.3.1

xelerance openswan 2.6.04

xelerance openswan 2.6.05

xelerance openswan 2.6.12

xelerance openswan 2.6.13

openswan openswan 2.2

openswan openswan 2.3

openswan openswan 1.0.4

xelerance openswan 2.6.03

xelerance openswan 2.6.10

xelerance openswan 2.6.11

openswan openswan 2.1.5

openswan openswan 2.1.6

openswan openswan 1.0.6

openswan openswan 1.0.5

xelerance openswan 2.6.08

xelerance openswan 2.6.09

xelerance openswan 2.6.16

xelerance openswan 2.4.4

openswan openswan 2.1.2

openswan openswan 2.1.4

openswan openswan 1.0.8

openswan openswan 1.0.7

xelerance openswan 2.6.06

xelerance openswan 2.6.07

xelerance openswan 2.6.14

xelerance openswan 2.6.15

Vendor Advisories

Synopsis: Important: openswan security update. Type/Severity: Security Advisory: Important. Topic: Updated openswan packages that fix various security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team ...
Two vulnerabilities have been discovered in openswan, an IPSec implementation for linux. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4190: Dmitry E. Oboukhov discovered that the livetest tool is using temporary files insecurely, which could lead to a denial of service attack. CVE-2009-0790: Gerd v Eg ...

Exploits

#!/bin/bash
# uglyswan - OpenSwan local root exploit (CVE-2008-4190)
#
# description:
# The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16,
# allows local users to overwrite arbitrary files and execute arbitrary code via a
# symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files
# NOTE: ...

Openswan versions equal to and below 2.4.12/2.6.16 suffer from an insecure file creation vulnerability that allows for privilege escalation ...