Openswan: Insecure temporary file creation

1. Gentoo Linux Security Advisory

Advisory Reference	GLSA 200903-18 / openswan
Release Date	March 09, 2009
Latest Revision	March 09, 2009: 01
Impact	normal
Exploitable	local

Package	Vulnerable versions	Unaffected versions	Architecture(s)
net-misc/openswan	< 2.4.13-r2	>= 2.4.13-r2	All supported architectures

Related bugreports: #238574

Synopsis

An insecure temporary file usage has been reported in Openswan, allowing for symlink attacks.

2. Impact Information

Background

Openswan is an implementation of IPsec for Linux.

Description

Dmitry E. Oboukhov reported that the IPSEC livetest tool does not handle the ipseclive.conn and ipsec.olts.remote.log temporary files securely.

Impact

A local attacker could perform symlink attacks to execute arbitrary code and overwrite arbitrary files with the privileges of the user running the application.

3. Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All Openswan users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/openswan-2.4.13-r2"

4. References

CVE-2008-4190

Page updated March 09, 2009

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.