CVE-2008-4190

CVE-2008-4190 · MEDIUM Severity

AV:L/AC:M/AU:N/C:P/I:P/A:P

The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.

Learn more about our User Device Pen Test.