CVE-2008-4190 - Improper Link Resolution Before File Access ('Link Following')

Severity

44%

Complexity

34%

Confidentiality

106%

The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.

The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.

CVSS 2.0 Base Score 4.4. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P).

Overview

Type

Xelerance Openswan

First reported 16 years ago

2008-09-24 11:42:00

Last updated 5 years ago

2019-07-29 14:24:00

Affected Software

Xelerance Openswan 2.3.1

2.3.1

Xelerance Openswan 2.4.0

2.4.0

Xelerance Openswan 2.4.1

2.4.1

Xelerance Openswan 2.4.2

2.4.2

Xelerance Openswan 2.4.3

2.4.3

Xelerance Openswan 2.4.4

2.4.4

Xelerance Openswan 2.4.5

2.4.5

Xelerance Openswan 2.4.6

2.4.6

Xelerance Openswan 2.4.7

2.4.7

Xelerance Openswan 2.4.8

2.4.8

Xelerance Openswan 2.4.9

2.4.9

Xelerance Openswan 2.4.10

2.4.10

Xelerance Openswan 2.4.11

2.4.11

Xelerance Openswan 2.4.12

2.4.12

Xelerance Openswan 2.6.03

2.6.03

Xelerance Openswan 2.6.04

2.6.04

Xelerance Openswan 2.6.05

2.6.05

Xelerance Openswan 2.6.06

2.6.06

Xelerance Openswan 2.6.07

2.6.07

Xelerance Openswan 2.6.08

2.6.08

Xelerance Openswan 2.6.09

2.6.09

Xelerance Openswan 2.6.10

2.6.10

Xelerance Openswan 2.6.11

2.6.11

Xelerance Openswan 2.6.12

2.6.12

Xelerance Openswan 2.6.13

2.6.13

Xelerance Openswan 2.6.14

2.6.14

Xelerance Openswan 2.6.15

2.6.15

Xelerance Openswan 2.6.16

2.6.16

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374

Patch

http://dev.gentoo.org/~rbu/security/debiantemp/openswan

34182

Vendor Advisory

34472

Vendor Advisory

DSA-1760

Patch

[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire

RHSA-2009:0402

Patch

20090309 Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation

20090310 Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation

31243

Patch

https://bugs.gentoo.org/show_bug.cgi?id=235770

https://bugzilla.redhat.com/show_bug.cgi?id=460425

openswan-livetest-symlink(45250)

oval:org.mitre.oval:def:10078

9135

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.