The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2008-09-24T10:00:00
Updated: 2024-08-07T10:08:34.945Z
Reserved: 2008-09-23T00:00:00
Link: CVE-2008-4190
Vulnrichment
No data.
NVD
Status : Modified
Published: 2008-09-24T11:42:25.250
Modified: 2024-11-21T00:51:07.377
Link: CVE-2008-4190
Redhat