National Cyber-Alert System

Vulnerability Summary for CVE-2008-4190

Overview

The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

Vendor Statments (disclaimer)

Official Statement from Red Hat (03/30/2009)

This issue has been addressed via: https://rhn.redhat.com/errata/RHSA-2009-0402.html

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: BID

Name: 31243

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/31243

External Source: REDHAT

Name: RHSA-2009:0402

Type: Patch Information

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-0402.html

External Source: DEBIAN

Name: DSA-1760

Type: Patch Information

Hyperlink:http://www.debian.org/security/2009/dsa-1760

External Source: CONFIRM

Name: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374

Type: Patch Information

Hyperlink:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=460425

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=460425

External Source: CONFIRM

Name: https://bugs.gentoo.org/show_bug.cgi?id=235770

Hyperlink:https://bugs.gentoo.org/show_bug.cgi?id=235770

External Source: XF

Name: openswan-livetest-symlink(45250)

Hyperlink:http://xforce.iss.net/xforce/xfdb/45250

External Source: BUGTRAQ

Name: 20090310 Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/501640/100/0/threaded

External Source: BUGTRAQ

Name: 20090309 Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/501624/100/0/threaded

External Source: MLIST

Name: [oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire

Hyperlink:http://www.openwall.com/lists/oss-security/2008/10/30/2

External Source: MILW0RM

Name: 9135

Hyperlink:http://www.milw0rm.com/exploits/9135

External Source: SECUNIA

Name: 34472

Type: Advisory

Hyperlink:http://secunia.com/advisories/34472

External Source: SECUNIA

Name: 34182

Type: Advisory

Hyperlink:http://secunia.com/advisories/34182

External Source: CONFIRM

Name: http://dev.gentoo.org/~rbu/security/debiantemp/openswan

Hyperlink:http://dev.gentoo.org/~rbu/security/debiantemp/openswan