CVE-2008-4190
Published: 24 September 2008
The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.
Priority
Status
Package | Release | Status |
---|---|---|
openswan (Launchpad, Ubuntu, Debian) | dapper | Ignored (end of life) |
openswan | feisty | Ignored (end of life, was needed) |
openswan | gutsy | Ignored (end of life, was needed) |
openswan | hardy | Ignored (end of life) |
openswan | intrepid | Not vulnerable (1:2.4.12+dfsg-1.3) |
openswan | jaunty | Not vulnerable (1:2.4.12+dfsg-1.3) |
openswan | karmic | Not vulnerable (1:2.4.12+dfsg-1.3) |
openswan | lucid | Not vulnerable (1:2.4.12+dfsg-1.3) |
openswan | maverick | Not vulnerable (1:2.4.12+dfsg-1.3) |
openswan | natty | Not vulnerable (1:2.4.12+dfsg-1.3) |
openswan | oneiric | Not vulnerable (1:2.4.12+dfsg-1.3) |
openswan | upstream | Released (1:2.4.12+dfsg-1.3) |

Patches: vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374