CVE-2008-4190

🗓️ 24 Sep 2008 10:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 70 Views🌐 WEB

IPSEC livetest tool vulnerability in Openswa

Reporter	Title	Published	Views	Family All 40
0day.today	Openswan <= 2.4.12/2.6.16 Insecure Temp File Creation Root Exploit	13 Jul 200900:00	–	zdt
BDU FSTEC	The vulnerability of the Gentoo Linux operating system allows a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
Tenable Nessus	CentOS 5 : openswan (CESA-2009:0402)	6 Jan 201000:00	–	nessus
Tenable Nessus	Debian DSA-1760-1 : openswan - denial of service	31 Mar 200900:00	–	nessus
Tenable Nessus	GLSA-200903-18 : Openswan: Insecure temporary file creation	10 Mar 200900:00	–	nessus
Tenable Nessus	Oracle Linux 5 : openswan (ELSA-2009-0402)	12 Jul 201300:00	–	nessus
Tenable Nessus	RHEL 5 : openswan (RHSA-2009:0402)	31 Mar 200900:00	–	nessus
Tenable Nessus	Scientific Linux Security Update : openswan on SL5.x i386/x86_64	1 Aug 201200:00	–	nessus
Cent OS	openswan security update	9 Apr 200910:33	–	centos
Circl	CVE-2008-4190	13 Jul 200900:00	–	circl

NVD

Node

openswan openswanMatch1.0.4

OR

openswan openswanMatch1.0.5

OR

openswan openswanMatch1.0.6

OR

openswan openswanMatch1.0.7

OR

openswan openswanMatch1.0.8

OR

openswan openswanMatch1.0.9

OR

openswan openswanMatch2.1.1

OR

openswan openswanMatch2.1.2

OR

openswan openswanMatch2.1.4

OR

openswan openswanMatch2.1.5

OR

openswan openswanMatch2.1.6

OR

openswan openswanMatch2.2

OR

openswan openswanMatch2.3

OR

xelerance openswanMatch2.3.1

OR

xelerance openswanMatch2.4.0

OR

xelerance openswanMatch2.4.1

OR

xelerance openswanMatch2.4.2

OR

xelerance openswanMatch2.4.3

OR

xelerance openswanMatch2.4.4

OR

xelerance openswanMatch2.4.5

OR

xelerance openswanMatch2.4.6

OR

xelerance openswanMatch2.4.7

OR

xelerance openswanMatch2.4.8

OR

xelerance openswanMatch2.4.9

OR

xelerance openswanMatch2.4.10

OR

xelerance openswanMatch2.4.11

OR

xelerance openswanMatch2.4.12

OR

xelerance openswanMatch2.6.03

OR

xelerance openswanMatch2.6.04

OR

xelerance openswanMatch2.6.05

OR

xelerance openswanMatch2.6.06

OR

xelerance openswanMatch2.6.07

OR

xelerance openswanMatch2.6.08

OR

xelerance openswanMatch2.6.09

OR

xelerance openswanMatch2.6.10

OR

xelerance openswanMatch2.6.11

OR

xelerance openswanMatch2.6.12

OR

xelerance openswanMatch2.6.13

OR

xelerance openswanMatch2.6.14

OR

xelerance openswanMatch2.6.15

OR

xelerance openswanMatch2.6.16

Source	Link
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/45250
openwall	www.openwall.com/lists/oss-security/2008/10/30/2
redhat	www.redhat.com/support/errata/RHSA-2009-0402.html
debian	www.debian.org/security/2009/dsa-1760
bugs	www.bugs.gentoo.org/show_bug.cgi
securityfocus	www.securityfocus.com/bid/31243
secunia	www.secunia.com/advisories/34472
securityfocus	www.securityfocus.com/archive/1/501624/100/0/threaded
secunia	www.secunia.com/advisories/34182
securityfocus	www.securityfocus.com/archive/1/501640/100/0/threaded

Parameter	Position	Path	Description	CWE
leftid	query param	/olts/	Web endpoint vulnerability allowing symlink local root exploit via livetest tool; race condition can lead to arbitrary file write/execute.	CWE-59
leftrsasigkey	query param	/olts/	Web endpoint vulnerability allowing symlink local root exploit via livetest tool; race condition can lead to arbitrary file write/execute.	CWE-59
version	query param	/olts/	Web endpoint vulnerability allowing symlink local root exploit via livetest tool; race condition can lead to arbitrary file write/execute.	CWE-59

16 Jun 2026 22:57Current

6.7Medium risk

Vulners AI Score6.7

CVSS 24.4

EPSS0.01115

cve-2008-4190 ipsec openswan vulnerability symlink attack arbitrary code execution