Openswan : Security Vulnerabilities, CVEs, Published In 2008 (Code Execution)
The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.
Max CVSS
4.4
EPSS Score
0.04%
Published
2008-09-24
Updated
2019-07-29
1 vulnerabilities found