CVE Database


Impact: Low
Public: 2008-08-24
Bugzilla: 460425: CVE-2008-4190 openswan: Insecure auxiliary /tmp file usage (symlink attack possible)


The MITRE CVE dictionary describes this issue as:

The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.

Find out more about CVE-2008-4190 from the MITRE CVE dictionary and NIST NVD.


This issue has been addressed via:

Red Hat security errata

Platform                                         Errata            Release Date
Red Hat Enterprise Linux version 5 (openswan)    RHSA-2009:0402    March 30, 2009

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.