Candidate: CVE-2008-4190
PublicDate: 2008-09-24 11:42:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4190
Description:
 The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through
 2.6.16, allows local users to overwrite arbitrary files and execute
 arbitrary code via a symlink attack on the (1) ipseclive.conn and (2)
 ipsec.olts.remote.log temporary files.  NOTE: in many distributions and the
 upstream version, this tool has been disabled.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_openswan:
 vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374
upstream_openswan: released (1:2.4.12+dfsg-1.3)
dapper_openswan: ignored (reached end-of-life)
feisty_openswan: needed (reached end-of-life)
gutsy_openswan: needed (reached end-of-life)
hardy_openswan: ignored (reached end-of-life)
intrepid_openswan: not-affected (1:2.4.12+dfsg-1.3)
jaunty_openswan: not-affected (1:2.4.12+dfsg-1.3)
karmic_openswan: not-affected (1:2.4.12+dfsg-1.3)
lucid_openswan: not-affected (1:2.4.12+dfsg-1.3)
maverick_openswan: not-affected (1:2.4.12+dfsg-1.3)
natty_openswan: not-affected (1:2.4.12+dfsg-1.3)
oneiric_openswan: not-affected (1:2.4.12+dfsg-1.3)
devel_openswan: not-affected (1:2.4.12+dfsg-1.3)