Red Hat Customer Portal

Skip to main content

CVE-2008-4190

Impact:
Low
Public Date:
2008-08-24
Bugzilla:
460425: CVE-2008-4190 openswan: Insecure auxiliary /tmp file usage (symlink attack possible)

The MITRE CVE dictionary describes this issue as:

The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.

Find out more about CVE-2008-4190 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue has been addressed via: https://rhn.redhat.com/errata/RHSA-2009-0402.html

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (openswan) RHSA-2009:0402 2009-03-30

Last Modified