CVE-2008-4190
Openswan 2.4.12/2.6.16 - Insecure Temp File Creation Privilege Escalation
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.
La herramienta livetest de IPSEC en Openswan versión 2.4.12 y anteriores, y versiones 2.6.x hasta 2.6.16, permite a los usuarios locales sobrescribir archivos arbitrarios y ejecutar código arbitrario mediante un ataque de tipo symlink en los archivos temporales (1) ipseclive.conn y (2) ipsec.olts.remote.log. NOTA: en muchas distribuciones y en la versión anterior, esta herramienta se ha deshabilitado.
Multiple vulnerabilities has been discovered and corrected in openswan. The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the in many distributions and the upstream version, this tool has been disabled. The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted R_U_THERE_ACK Dead Peer Detection IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD. Various other issues have also been addressed.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-09-23 CVE Reserved
- 2008-09-24 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://dev.gentoo.org/~rbu/security/debiantemp/openswan | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2008/10/30/2 | Mailing List |
|
| http://www.securityfocus.com/archive/1/501624/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/501640/100/0/threaded | Mailing List | |
| https://bugs.gentoo.org/show_bug.cgi?id=235770 | X_refsource_confirm | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45250 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10078 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/9135 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374 | 2019-07-29 | |
| http://www.debian.org/security/2009/dsa-1760 | 2019-07-29 | |
| http://www.redhat.com/support/errata/RHSA-2009-0402.html | 2019-07-29 | |
| http://www.securityfocus.com/bid/31243 | 2019-07-29 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/34182 | 2019-07-29 | |
| http://secunia.com/advisories/34472 | 2019-07-29 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=460425 | 2009-03-30 | |
| https://access.redhat.com/security/cve/CVE-2008-4190 | 2009-03-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openswan Search vendor "Openswan" | Openswan Search vendor "Openswan" for product "Openswan" | 1.0.4 Search vendor "Openswan" for product "Openswan" and version "1.0.4" | - |
Affected
| ||||||
| Openswan Search vendor "Openswan" | Openswan Search vendor "Openswan" for product "Openswan" | 1.0.5 Search vendor "Openswan" for product "Openswan" and version "1.0.5" | - |
Affected
| ||||||
| Openswan Search vendor "Openswan" | Openswan Search vendor "Openswan" for product "Openswan" | 1.0.6 Search vendor "Openswan" for product "Openswan" and version "1.0.6" | - |
Affected
| ||||||
| Openswan Search vendor "Openswan" | Openswan Search vendor "Openswan" for product "Openswan" | 1.0.7 Search vendor "Openswan" for product "Openswan" and version "1.0.7" | - |
Affected
| ||||||
| Openswan Search vendor "Openswan" | Openswan Search vendor "Openswan" for product "Openswan" | 1.0.8 Search vendor "Openswan" for product "Openswan" and version "1.0.8" | - |
Affected
| ||||||
| Openswan Search vendor "Openswan" | Openswan Search vendor "Openswan" for product "Openswan" | 1.0.9 Search vendor "Openswan" for product "Openswan" and version "1.0.9" | - |
Affected
| ||||||
| Openswan Search vendor "Openswan" | Openswan Search vendor "Openswan" for product "Openswan" | 2.1.1 Search vendor "Openswan" for product "Openswan" and version "2.1.1" | - |
Affected
| ||||||
| Openswan Search vendor "Openswan" | Openswan Search vendor "Openswan" for product "Openswan" | 2.1.2 Search vendor "Openswan" for product "Openswan" and version "2.1.2" | - |
Affected
| ||||||
| Openswan Search vendor "Openswan" | Openswan Search vendor "Openswan" for product "Openswan" | 2.1.4 Search vendor "Openswan" for product "Openswan" and version "2.1.4" | - |
Affected
| ||||||
| Openswan Search vendor "Openswan" | Openswan Search vendor "Openswan" for product "Openswan" | 2.1.5 Search vendor "Openswan" for product "Openswan" and version "2.1.5" | - |
Affected
| ||||||
| Openswan Search vendor "Openswan" | Openswan Search vendor "Openswan" for product "Openswan" | 2.1.6 Search vendor "Openswan" for product "Openswan" and version "2.1.6" | - |
Affected
| ||||||
| Openswan Search vendor "Openswan" | Openswan Search vendor "Openswan" for product "Openswan" | 2.2 Search vendor "Openswan" for product "Openswan" and version "2.2" | - |
Affected
| ||||||
| Openswan Search vendor "Openswan" | Openswan Search vendor "Openswan" for product "Openswan" | 2.3 Search vendor "Openswan" for product "Openswan" and version "2.3" | - |
Affected
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.3.1 Search vendor "Xelerance" for product "Openswan" and version "2.3.1" | - |
Affected
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.4.0 Search vendor "Xelerance" for product "Openswan" and version "2.4.0" | - |
Affected
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.4.1 Search vendor "Xelerance" for product "Openswan" and version "2.4.1" | - |
Safe
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.4.2 Search vendor "Xelerance" for product "Openswan" and version "2.4.2" | - |
Affected
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.4.3 Search vendor "Xelerance" for product "Openswan" and version "2.4.3" | - |
Safe
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.4.4 Search vendor "Xelerance" for product "Openswan" and version "2.4.4" | - |
Affected
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.4.5 Search vendor "Xelerance" for product "Openswan" and version "2.4.5" | - |
Safe
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.4.6 Search vendor "Xelerance" for product "Openswan" and version "2.4.6" | - |
Safe
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.4.7 Search vendor "Xelerance" for product "Openswan" and version "2.4.7" | - |
Safe
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.4.8 Search vendor "Xelerance" for product "Openswan" and version "2.4.8" | - |
Safe
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.4.9 Search vendor "Xelerance" for product "Openswan" and version "2.4.9" | - |
Safe
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.4.10 Search vendor "Xelerance" for product "Openswan" and version "2.4.10" | - |
Safe
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.4.11 Search vendor "Xelerance" for product "Openswan" and version "2.4.11" | - |
Safe
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.4.12 Search vendor "Xelerance" for product "Openswan" and version "2.4.12" | - |
Safe
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.6.03 Search vendor "Xelerance" for product "Openswan" and version "2.6.03" | - |
Affected
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.6.04 Search vendor "Xelerance" for product "Openswan" and version "2.6.04" | - |
Affected
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.6.05 Search vendor "Xelerance" for product "Openswan" and version "2.6.05" | - |
Affected
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.6.06 Search vendor "Xelerance" for product "Openswan" and version "2.6.06" | - |
Affected
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.6.07 Search vendor "Xelerance" for product "Openswan" and version "2.6.07" | - |
Affected
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.6.08 Search vendor "Xelerance" for product "Openswan" and version "2.6.08" | - |
Affected
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.6.09 Search vendor "Xelerance" for product "Openswan" and version "2.6.09" | - |
Affected
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.6.10 Search vendor "Xelerance" for product "Openswan" and version "2.6.10" | - |
Affected
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.6.11 Search vendor "Xelerance" for product "Openswan" and version "2.6.11" | - |
Affected
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.6.12 Search vendor "Xelerance" for product "Openswan" and version "2.6.12" | - |
Affected
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.6.13 Search vendor "Xelerance" for product "Openswan" and version "2.6.13" | - |
Affected
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.6.14 Search vendor "Xelerance" for product "Openswan" and version "2.6.14" | - |
Affected
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.6.15 Search vendor "Xelerance" for product "Openswan" and version "2.6.15" | - |
Affected
| ||||||
| Xelerance Search vendor "Xelerance" | Openswan Search vendor "Xelerance" for product "Openswan" | 2.6.16 Search vendor "Xelerance" for product "Openswan" and version "2.6.16" | - |
Affected
| ||||||