Upstream information
Description
The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
NVD | |
---|---|
Base Score | 4.4 |
Vector | AV:L/AC:M/Au:N/C:P/I:P/A:P |
Access Vector | Local |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Server 11 SP1 |
| Patchnames: SUSE Linux Enterprise Server 11 SP1 GA openswan-2.6.16-1.34.3 |
SUSE Linux Enterprise Server 11 SP2 |
| Patchnames: SUSE Linux Enterprise Server 11 SP2 GA openswan-2.6.16-1.36.1 |
SUSE Timeline for this CVE
CVE page created: Tue Jul 9 18:28:44 2013CVE page last modified: Mon Sep 9 17:02:27 2024