CVE-2008-4190

Published Sep 24, 2008
Last updated 6 years ago
CVSS info 4.4
Overview

Description: The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.
Source: cve@mitre.org
NVD status: Modified
Risk scores

CVSS 2.0

Type: Primary
Base score: 4.4
Impact score: 6.4
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-59
Hype score: Not currently trending
Vendor comments

Red HatThis issue has been addressed via: https://rhn.redhat.com/errata/RHSA-2009-0402.html
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:openswan:openswan:1.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83BD9C38-8D11-4A21-9A80-83D4D02ECC3C"
          },
          {
            "criteria": "cpe:2.3:a:openswan:openswan:1.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BF7EA37-F5B2-4EBE-A959-29F559A47F47"
          },
          {
            "criteria": "cpe:2.3:a:openswan:openswan:1.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C062450-8D41-4E0C-AEAD-6C51D9B8F107"
          },
          {
            "criteria": "cpe:2.3:a:openswan:openswan:1.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D15B299-2298-4617-8CED-5F98C2E68D07"
          },
          {
            "criteria": "cpe:2.3:a:openswan:openswan:1.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7FA0C68-A45A-42EB-9F1F-E911F32589BC"
          },
          {
            "criteria": "cpe:2.3:a:openswan:openswan:1.0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "411E9D06-5756-4918-965C-3E83890F0316"
          },
          {
            "criteria": "cpe:2.3:a:openswan:openswan:2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A9EABDE-514F-42BA-A335-135209605981"
          },
          {
            "criteria": "cpe:2.3:a:openswan:openswan:2.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2425AF51-C42B-4EAA-A619-EE47EAFCBA83"
          },
          {
            "criteria": "cpe:2.3:a:openswan:openswan:2.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "892D939B-4649-4B90-A2C0-6C2E4DDF7DFD"
          },
          {
            "criteria": "cpe:2.3:a:openswan:openswan:2.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A321B57-5E08-48C8-9288-A92342770FD1"
          },
          {
            "criteria": "cpe:2.3:a:openswan:openswan:2.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54780B50-9CFE-43B6-8BB9-C7246F817773"
          },
          {
            "criteria": "cpe:2.3:a:openswan:openswan:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "001E2700-CE33-495A-8F8A-81E2E550CFF2"
          },
          {
            "criteria": "cpe:2.3:a:openswan:openswan:2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A628FE6-A042-4DF9-A141-8BE65FD236C5"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "112D7B10-50E4-4903-9E34-DB4857D6C658"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7841F42-1226-43C4-A007-88847925D872"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.4.1:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "77930F86-13FF-4787-A39F-2D00110AFBFC"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B1ADD64-2503-4EED-9F6F-E425A3406123"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.4.3:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A3067BE9-4314-42BD-8131-89C4899F7D47"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E00CA6E5-1F63-4D59-BA72-0F8697671718"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.4.5:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C35A2049-8502-41F2-894E-E39AEBEB6816"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.4.6:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1109A84D-1815-4A7B-8EDA-E493A1973224"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.4.7:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B20531A3-F6F8-4FE1-9C0A-FDFABAC4C6AA"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.4.8:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C9F212AE-D5B3-4A88-A1E6-00A13A0A2AD5"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.4.9:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DD82E956-8C8E-4B38-9E82-4AA9AEFE6891"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.4.10:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2D0F0EA4-A0DF-48CC-9B42-465A36945503"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.4.11:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8945D2A7-B1C3-4981-B840-FB046AB6F4B6"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.4.12:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "338E969E-2CC6-44F3-A938-EE7131375AB8"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.6.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78325087-599F-448B-8C47-570914FF6C59"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.6.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "059CFA5C-B262-47AF-94A6-8E74AFB19204"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.6.05:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12F25627-235B-4312-80A4-4E36DE0E72A4"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.6.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3E70B88-6348-42BB-AE96-46BDB1F3C6FB"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.6.07:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12A9DF25-48E8-4D52-A267-1BE0437E9000"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.6.08:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C986533F-E320-46FA-A9F7-DAFDB1A0628A"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.6.09:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C77DED4-2696-4172-92B7-43034E61F845"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.6.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EDCCFDA-99A8-4590-99F1-95F3A5AD70B4"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.6.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BED1BA7D-B603-49D4-9080-4A9FEC056A69"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.6.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E8EB86B-2DD9-4C4B-9C9A-E88B2C458C8B"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.6.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "207B98DB-5962-4F62-AF5B-D48EF0C0E2A5"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.6.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFB65639-AE3A-4984-93F9-2A8100DCEE6B"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.6.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8921D08-FBA3-4C0A-8944-362909C5EB6B"
          },
          {
            "criteria": "cpe:2.3:a:xelerance:openswan:2.6.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3FBD5312-E44F-4996-AA29-AFED53A90E8E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References
