Vulnerability Name:

CVE-2008-4190 (CCN-45250)

Assigned:2008-08-24
Published:2008-08-24
Updated:2019-07-29
Summary:The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files.
Note: in many distributions and the upstream version, this tool has been disabled.
CVSS v3 Severity:5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
3.6 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
3.3 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P)
2.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-59
Vulnerability Consequences:File Manipulation
References:Source: CCN
Type: Debian Bug report logs - #496374
The possibility of attack with the help of symlinks in some Debian packages

Source: CONFIRM
Type: Patch
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374

Source: MITRE
Type: CNA
CVE-2008-4190

Source: CONFIRM
Type: UNKNOWN
http://dev.gentoo.org/~rbu/security/debiantemp/openswan

Source: CCN
Type: RHSA-2009-0402
Important: openswan security update

Source: SECUNIA
Type: Vendor Advisory
34182

Source: SECUNIA
Type: Vendor Advisory
34472

Source: CCN
Type: Dmitry E. Oboukhov Advisory
Package: openswan

Source: DEBIAN
Type: Patch
DSA-1760

Source: DEBIAN
Type: DSA-1760
openswan -- denial of service

Source: CCN
Type: GLSA-200903-18
Openswan: Insecure temporary file creation

Source: CCN
Type: Openswan Web site
Openswan

Source: MLIST
Type: UNKNOWN
[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire

Source: REDHAT
Type: Patch
RHSA-2009:0402

Source: BUGTRAQ
Type: UNKNOWN
20090309 Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation

Source: BUGTRAQ
Type: UNKNOWN
20090310 Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation

Source: BID
Type: Patch
31243

Source: CCN
Type: BID-31243
Openswan IPsec Livetest Insecure Temporary File Creation Vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugs.gentoo.org/show_bug.cgi?id=235770

Source: CCN
Type: Red Hat Bugzilla Bug 460425
openswan: Insecure auxiliary /tmp file usage (symlink attack possible)

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=460425

Source: XF
Type: UNKNOWN
openswan-livetest-symlink(45250)

Source: XF
Type: UNKNOWN
openswan-livetest-symlink(45250)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10078

Source: EXPLOIT-DB
Type: UNKNOWN
9135

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openswan:openswan:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:openswan:openswan:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:openswan:openswan:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:openswan:openswan:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:openswan:openswan:1.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:openswan:openswan:1.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:openswan:openswan:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:openswan:openswan:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:openswan:openswan:2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:openswan:openswan:2.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:openswan:openswan:2.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:openswan:openswan:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:openswan:openswan:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.4.7:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.4.8:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.4.9:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.4.10:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.4.11:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.4.12:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.6.03:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.6.04:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.6.05:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.6.06:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.6.07:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.6.08:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.6.09:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.6.10:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.6.11:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.6.12:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.6.13:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.6.14:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.6.15:*:*:*:*:*:*:*
  • OR cpe:/a:xelerance:openswan:2.6.16:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20084190
    V
    		CVE-2008-4190
    2022-05-20
    oval:org.opensuse.security:def:42201
    P
    		Security update for libmspack (Low)
    2022-01-13
    oval:org.opensuse.security:def:31755
    P
    		Security update for libvirt (Important)
    2022-01-10
    oval:org.opensuse.security:def:31715
    P
    		Security update for the Linux Kernel (Important)
    2021-12-06
    oval:org.opensuse.security:def:31307
    P
    		Security update for postgresql, postgresql13, postgresql14 (Important)
    2021-11-20
    oval:org.opensuse.security:def:31699
    P
    		Security update for binutils (Moderate)
    2021-11-02
    oval:org.opensuse.security:def:31273
    P
    		Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)
    2021-09-23
    oval:org.opensuse.security:def:26120
    P
    		Security update for xerces-c (Important)
    2021-09-03
    oval:org.opensuse.security:def:31262
    P
    		Security update for openexr (Important)
    2021-09-02
    oval:org.opensuse.security:def:31261
    P
    		Security update for bind (Moderate)
    2021-08-30
    oval:org.opensuse.security:def:26076
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:31628
    P
    		Security update for dhcp (Important)
    2021-06-01
    oval:org.opensuse.security:def:26062
    P
    		Security update for djvulibre (Important)
    2021-05-31
    oval:org.opensuse.security:def:31175
    P
    		Security update for graphviz (Critical)
    2021-05-19
    oval:org.opensuse.security:def:32081
    P
    		Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)
    2021-04-28
    oval:org.opensuse.security:def:31347
    P
    		Security update for java-1_8_0-ibm (Important)
    2021-02-26
    oval:org.opensuse.security:def:32015
    P
    		Security update for openssl (Important)
    2020-12-11
    oval:org.opensuse.security:def:31089
    P
    		Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)
    2020-12-07
    oval:org.opensuse.security:def:31090
    P
    		Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)
    2020-12-07
    oval:org.opensuse.security:def:35621
    P
    		openswan-2.6.16-1.34.3 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35794
    P
    		openswan-2.6.16-1.36.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:42028
    P
    		openswan-2.6.16-1.34.3 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:31843
    P
    		Security update for cairo (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31927
    P
    		Security update for giflib (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25172
    P
    		Security update for bind (Important)
    2020-12-01
    oval:org.opensuse.security:def:25749
    P
    		Security update for pidgin (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25686
    P
    		Security update for wicked (Important)
    2020-12-01
    oval:org.opensuse.security:def:26758
    P
    		libopenssl0_9_8 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31865
    P
    		Security update for curl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31976
    P
    		Security update for jasper (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25173
    P
    		Security update for ant (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25802
    P
    		Recommended update for LibreOffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25770
    P
    		Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:26793
    P
    		openswan on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31399
    P
    		Security update for perl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31909
    P
    		Security update for freetype2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25184
    P
    		Security update for vim (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25851
    P
    		Security update for freerdp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25344
    P
    		Security update for krb5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25921
    P
    		Recommended update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:31456
    P
    		Security update for postgresql91
    2020-12-01
    oval:org.opensuse.security:def:32547
    P
    		libapr-util1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31479
    P
    		Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32037
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25248
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25890
    P
    		Security update for php5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25345
    P
    		Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:25974
    P
    		Security update for gimp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31543
    P
    		Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:32586
    P
    		openswan on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31571
    P
    		Security update for strongswan (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25376
    P
    		Security update for dovecot22 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25904
    P
    		Security update for gegl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25356
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26023
    P
    		Security update for evince (Important)
    2020-12-01
    oval:org.opensuse.security:def:32719
    P
    		libneon27 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25457
    P
    		Security update for aspell (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25948
    P
    		Security update for libraw (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25420
    P
    		Security update for krb5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32758
    P
    		openswan on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25514
    P
    		Security update for mariadb-connector-c (Important)
    2020-12-01
    oval:org.opensuse.security:def:26586
    P
    		libexiv2-4 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25548
    P
    		Security update for ceph (Important)
    2020-12-01
    oval:org.opensuse.security:def:31101
    P
    		Security update for kernel-source (Important)
    2020-12-01
    oval:org.opensuse.security:def:31804
    P
    		Security update for ant (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31871
    P
    		Security update for curl (Important)
    2020-12-01
    oval:org.opensuse.security:def:25598
    P
    		Security update for curl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26621
    P
    		openswan on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25629
    P
    		Security update for xen (Important)
    2020-12-01
    oval:org.mitre.oval:def:28934
    P
    		RHSA-2009:0402 -- openswan security update (Important)
    2015-08-17
    oval:org.mitre.oval:def:13547
    P
    		DSA-1760-1 openswan -- denial of service
    2015-02-23
    oval:org.mitre.oval:def:21841
    P
    		ELSA-2009:0402: openswan security update (Important)
    2014-05-26
    oval:org.mitre.oval:def:10078
    V
    		The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.
    2013-04-29
    oval:com.redhat.rhsa:def:20090402
    P
    		RHSA-2009:0402: openswan security update (Important)
    2009-03-30
    oval:org.debian:def:1760
    V
    		denial of service
    2009-03-30
    BACK
    openswan openswan 1.0.4
    openswan openswan 1.0.5
    openswan openswan 1.0.6
    openswan openswan 1.0.7
    openswan openswan 1.0.8
    openswan openswan 1.0.9
    openswan openswan 2.1.1
    openswan openswan 2.1.2
    openswan openswan 2.1.4
    openswan openswan 2.1.5
    openswan openswan 2.1.6
    openswan openswan 2.2
    openswan openswan 2.3
    xelerance openswan 2.3.1
    xelerance openswan 2.4.0
    xelerance openswan 2.4.1
    xelerance openswan 2.4.2
    xelerance openswan 2.4.3
    xelerance openswan 2.4.4
    xelerance openswan 2.4.5
    xelerance openswan 2.4.6
    xelerance openswan 2.4.7
    xelerance openswan 2.4.8
    xelerance openswan 2.4.9
    xelerance openswan 2.4.10
    xelerance openswan 2.4.11
    xelerance openswan 2.4.12
    xelerance openswan 2.6.03
    xelerance openswan 2.6.04
    xelerance openswan 2.6.05
    xelerance openswan 2.6.06
    xelerance openswan 2.6.07
    xelerance openswan 2.6.08
    xelerance openswan 2.6.09
    xelerance openswan 2.6.10
    xelerance openswan 2.6.11
    xelerance openswan 2.6.12
    xelerance openswan 2.6.13
    xelerance openswan 2.6.14
    xelerance openswan 2.6.15
    xelerance openswan 2.6.16