CVE-2008-4190

Severity CVSS v4.0:
Pending analysis
Type:
CWE-59 Link Following
Publication date:
24/09/2008
Last modified:
09/04/2025

Description

The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:openswan:openswan:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:openswan:openswan:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:openswan:openswan:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:openswan:openswan:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:openswan:openswan:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:openswan:openswan:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:openswan:openswan:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:openswan:openswan:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:openswan:openswan:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:openswan:openswan:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:openswan:openswan:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:openswan:openswan:2.2:*:*:*:*:*:*:*
cpe:2.3:a:openswan:openswan:2.3:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.4.0:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools