Vulnerability Database

CVE-2008-4190

The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.

  • Published: Sep 24, 2008
  • Updated: Apr 13, 2023
  • CVE: CVE-2008-4190
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.4
  • AV:L/AC:M/Au:N/C:P/I:P/A:P

CWEs:

Software              From     Fixed in
openswan / openswan   1.0.5    1.0.5.x
openswan / openswan   2.1.6    2.1.6.x
openswan / openswan   2.1.4    2.1.4.x
openswan / openswan   1.0.9    1.0.9.x
openswan / openswan   1.0.8    1.0.8.x
openswan / openswan   1.0.7    1.0.7.x
openswan / openswan   2.3      2.3.x
openswan / openswan   1.0.6    1.0.6.x
openswan / openswan   2.2      2.2.x
openswan / openswan   2.1.1    2.1.1.x
openswan / openswan   2.1.5    2.1.5.x
openswan / openswan   1.0.4    1.0.4.x
openswan / openswan   2.1.2    2.1.2.x
xelerance / openswan  2.3.1    2.3.1.x
xelerance / openswan  2.4.2    2.4.2.x
xelerance / openswan  2.4.4    2.4.4.x
xelerance / openswan  2.6.03   2.6.03.x
xelerance / openswan  2.6.04   2.6.04.x
xelerance / openswan  2.6.05   2.6.05.x
xelerance / openswan  2.6.06   2.6.06.x
xelerance / openswan  2.6.07   2.6.07.x
xelerance / openswan  2.6.08   2.6.08.x
xelerance / openswan  2.6.09   2.6.09.x
xelerance / openswan  2.6.10   2.6.10.x
xelerance / openswan  2.6.11   2.6.11.x
xelerance / openswan  2.6.12   2.6.12.x
xelerance / openswan  2.6.13   2.6.13.x
xelerance / openswan  2.6.14   2.6.14.x
xelerance / openswan  2.6.15   2.6.15.x
xelerance / openswan  2.6.16   2.6.16.x
xelerance / openswan  2.4.0    2.4.0.x