CVE-2008-4190

{"id": "CVE-2008-4190", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-09-24T11:42:25.250", "references": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://dev.gentoo.org/~rbu/security/debiantemp/openswan", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/34182", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/34472", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2009/dsa-1760", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2009-0402.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/501624/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/501640/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/31243", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770", "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=460425", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45250", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10078", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/9135", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled."}, {"lang": "es", "value": "La herramienta livetest de IPSEC en Openswan versi\u00f3n 2.4.12 y anteriores, y versiones 2.6.x hasta 2.6.16, permite a los usuarios locales sobrescribir archivos arbitrarios y ejecutar c\u00f3digo arbitrario mediante un ataque de tipo symlink en los archivos temporales (1) ipseclive.conn y (2) ipsec.olts.remote.log. NOTA: en muchas distribuciones y en la versi\u00f3n anterior, esta herramienta se ha deshabilitado."}], "lastModified": "2019-07-29T14:24:46.720", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openswan:openswan:1.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83BD9C38-8D11-4A21-9A80-83D4D02ECC3C"}, {"criteria": "cpe:2.3:a:openswan:openswan:1.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BF7EA37-F5B2-4EBE-A959-29F559A47F47"}, {"criteria": "cpe:2.3:a:openswan:openswan:1.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C062450-8D41-4E0C-AEAD-6C51D9B8F107"}, {"criteria": "cpe:2.3:a:openswan:openswan:1.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D15B299-2298-4617-8CED-5F98C2E68D07"}, {"criteria": "cpe:2.3:a:openswan:openswan:1.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7FA0C68-A45A-42EB-9F1F-E911F32589BC"}, {"criteria": "cpe:2.3:a:openswan:openswan:1.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "411E9D06-5756-4918-965C-3E83890F0316"}, {"criteria": "cpe:2.3:a:openswan:openswan:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A9EABDE-514F-42BA-A335-135209605981"}, {"criteria": "cpe:2.3:a:openswan:openswan:2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2425AF51-C42B-4EAA-A619-EE47EAFCBA83"}, {"criteria": "cpe:2.3:a:openswan:openswan:2.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "892D939B-4649-4B90-A2C0-6C2E4DDF7DFD"}, {"criteria": "cpe:2.3:a:openswan:openswan:2.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A321B57-5E08-48C8-9288-A92342770FD1"}, {"criteria": "cpe:2.3:a:openswan:openswan:2.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54780B50-9CFE-43B6-8BB9-C7246F817773"}, {"criteria": "cpe:2.3:a:openswan:openswan:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "001E2700-CE33-495A-8F8A-81E2E550CFF2"}, {"criteria": "cpe:2.3:a:openswan:openswan:2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A628FE6-A042-4DF9-A141-8BE65FD236C5"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "112D7B10-50E4-4903-9E34-DB4857D6C658"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7841F42-1226-43C4-A007-88847925D872"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.4.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "77930F86-13FF-4787-A39F-2D00110AFBFC"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B1ADD64-2503-4EED-9F6F-E425A3406123"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.4.3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A3067BE9-4314-42BD-8131-89C4899F7D47"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E00CA6E5-1F63-4D59-BA72-0F8697671718"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.4.5:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C35A2049-8502-41F2-894E-E39AEBEB6816"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.4.6:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1109A84D-1815-4A7B-8EDA-E493A1973224"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.4.7:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B20531A3-F6F8-4FE1-9C0A-FDFABAC4C6AA"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.4.8:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C9F212AE-D5B3-4A88-A1E6-00A13A0A2AD5"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.4.9:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DD82E956-8C8E-4B38-9E82-4AA9AEFE6891"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.4.10:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2D0F0EA4-A0DF-48CC-9B42-465A36945503"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.4.11:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8945D2A7-B1C3-4981-B840-FB046AB6F4B6"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.4.12:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "338E969E-2CC6-44F3-A938-EE7131375AB8"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.6.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78325087-599F-448B-8C47-570914FF6C59"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.6.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "059CFA5C-B262-47AF-94A6-8E74AFB19204"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.6.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12F25627-235B-4312-80A4-4E36DE0E72A4"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.6.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3E70B88-6348-42BB-AE96-46BDB1F3C6FB"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.6.07:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12A9DF25-48E8-4D52-A267-1BE0437E9000"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.6.08:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C986533F-E320-46FA-A9F7-DAFDB1A0628A"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.6.09:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C77DED4-2696-4172-92B7-43034E61F845"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.6.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EDCCFDA-99A8-4590-99F1-95F3A5AD70B4"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.6.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BED1BA7D-B603-49D4-9080-4A9FEC056A69"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.6.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E8EB86B-2DD9-4C4B-9C9A-E88B2C458C8B"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.6.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "207B98DB-5962-4F62-AF5B-D48EF0C0E2A5"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.6.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFB65639-AE3A-4984-93F9-2A8100DCEE6B"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.6.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8921D08-FBA3-4C0A-8944-362909C5EB6B"}, {"criteria": "cpe:2.3:a:xelerance:openswan:2.6.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FBD5312-E44F-4996-AA29-AFED53A90E8E"}], "operator": "OR"}]}], "vendorComments": [{"comment": "This issue has been addressed via: https://rhn.redhat.com/errata/RHSA-2009-0402.html", "lastModified": "2009-03-30T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}