CVE-2008-4190
Published Sep 24, 2008
Last updated 5 years ago
Overview
- Description
- The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.4
- Impact score
- 6.4
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-59
Vendor comments
- Red HatThis issue has been addressed via: https://rhn.redhat.com/errata/RHSA-2009-0402.html
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openswan:openswan:1.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83BD9C38-8D11-4A21-9A80-83D4D02ECC3C"
},
{
"criteria": "cpe:2.3:a:openswan:openswan:1.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7BF7EA37-F5B2-4EBE-A959-29F559A47F47"
},
{
"criteria": "cpe:2.3:a:openswan:openswan:1.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C062450-8D41-4E0C-AEAD-6C51D9B8F107"
},
{
"criteria": "cpe:2.3:a:openswan:openswan:1.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D15B299-2298-4617-8CED-5F98C2E68D07"
},
{
"criteria": "cpe:2.3:a:openswan:openswan:1.0.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F7FA0C68-A45A-42EB-9F1F-E911F32589BC"
},
{
"criteria": "cpe:2.3:a:openswan:openswan:1.0.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "411E9D06-5756-4918-965C-3E83890F0316"
},
{
"criteria": "cpe:2.3:a:openswan:openswan:2.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A9EABDE-514F-42BA-A335-135209605981"
},
{
"criteria": "cpe:2.3:a:openswan:openswan:2.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2425AF51-C42B-4EAA-A619-EE47EAFCBA83"
},
{
"criteria": "cpe:2.3:a:openswan:openswan:2.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "892D939B-4649-4B90-A2C0-6C2E4DDF7DFD"
},
{
"criteria": "cpe:2.3:a:openswan:openswan:2.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A321B57-5E08-48C8-9288-A92342770FD1"
},
{
"criteria": "cpe:2.3:a:openswan:openswan:2.1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54780B50-9CFE-43B6-8BB9-C7246F817773"
},
{
"criteria": "cpe:2.3:a:openswan:openswan:2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "001E2700-CE33-495A-8F8A-81E2E550CFF2"
},
{
"criteria": "cpe:2.3:a:openswan:openswan:2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A628FE6-A042-4DF9-A141-8BE65FD236C5"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "112D7B10-50E4-4903-9E34-DB4857D6C658"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F7841F42-1226-43C4-A007-88847925D872"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.1:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "77930F86-13FF-4787-A39F-2D00110AFBFC"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7B1ADD64-2503-4EED-9F6F-E425A3406123"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.3:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A3067BE9-4314-42BD-8131-89C4899F7D47"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E00CA6E5-1F63-4D59-BA72-0F8697671718"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.5:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C35A2049-8502-41F2-894E-E39AEBEB6816"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.6:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1109A84D-1815-4A7B-8EDA-E493A1973224"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.7:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B20531A3-F6F8-4FE1-9C0A-FDFABAC4C6AA"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.8:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C9F212AE-D5B3-4A88-A1E6-00A13A0A2AD5"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.9:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "DD82E956-8C8E-4B38-9E82-4AA9AEFE6891"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.10:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2D0F0EA4-A0DF-48CC-9B42-465A36945503"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.11:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8945D2A7-B1C3-4981-B840-FB046AB6F4B6"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.12:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "338E969E-2CC6-44F3-A938-EE7131375AB8"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.03:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "78325087-599F-448B-8C47-570914FF6C59"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.04:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "059CFA5C-B262-47AF-94A6-8E74AFB19204"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.05:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "12F25627-235B-4312-80A4-4E36DE0E72A4"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.06:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B3E70B88-6348-42BB-AE96-46BDB1F3C6FB"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.07:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "12A9DF25-48E8-4D52-A267-1BE0437E9000"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.08:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C986533F-E320-46FA-A9F7-DAFDB1A0628A"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.09:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7C77DED4-2696-4172-92B7-43034E61F845"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2EDCCFDA-99A8-4590-99F1-95F3A5AD70B4"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BED1BA7D-B603-49D4-9080-4A9FEC056A69"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E8EB86B-2DD9-4C4B-9C9A-E88B2C458C8B"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "207B98DB-5962-4F62-AF5B-D48EF0C0E2A5"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFB65639-AE3A-4984-93F9-2A8100DCEE6B"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8921D08-FBA3-4C0A-8944-362909C5EB6B"
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3FBD5312-E44F-4996-AA29-AFED53A90E8E"
}
],
"operator": "OR"
}
]
}
]