CVE-2008-4190
EUVD-2008-417324.09.2008, 11:42
The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openswan | openswan | 1.0.4 |
| openswan | openswan | 1.0.5 |
| openswan | openswan | 1.0.6 |
| openswan | openswan | 1.0.7 |
| openswan | openswan | 1.0.8 |
| openswan | openswan | 1.0.9 |
| openswan | openswan | 2.1.1 |
| openswan | openswan | 2.1.2 |
| openswan | openswan | 2.1.4 |
| openswan | openswan | 2.1.5 |
| openswan | openswan | 2.1.6 |
| openswan | openswan | 2.2 |
| openswan | openswan | 2.3 |
| xelerance | openswan | 2.3.1 |
| xelerance | openswan | 2.4.0 |
| xelerance | openswan | 2.4.2 |
| xelerance | openswan | 2.4.4 |
| xelerance | openswan | 2.6.03 |
| xelerance | openswan | 2.6.04 |
| xelerance | openswan | 2.6.05 |
| xelerance | openswan | 2.6.06 |
| xelerance | openswan | 2.6.07 |
| xelerance | openswan | 2.6.08 |
| xelerance | openswan | 2.6.09 |
| xelerance | openswan | 2.6.10 |
| xelerance | openswan | 2.6.11 |
| xelerance | openswan | 2.6.12 |
| xelerance | openswan | 2.6.13 |
| xelerance | openswan | 2.6.14 |
| xelerance | openswan | 2.6.15 |
| xelerance | openswan | 2.6.16 |
𝑥
= Vulnerable software versions
Ubuntu Releases
References