Gentoo: GLSA-202310-12 Moderate: Openswan Symlink Vulnerability Mitigation
gentoo
March 9, 2009
An insecure temporary file usage has been reported in Openswan, allowing for symlink attacks.
Summary
Gentoo Linux Security Advisory GLSA 200903-18
https://security.gentoo.org/
Severity: Normal
Title: Openswan: Insecure temporary file creation
Date: March 09, 2009
Bugs: #238574
ID: 200903-18
Synopsis
=======
An insecure temporary file usage has been reported in Openswan,
allowing for symlink attacks.
Background
=========
Openswan is an implementation of IPsec for Linux.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/openswan < 2.4.13-r2 >= 2.4.13-r2
==========
Dmitry E. Oboukhov reported that the IPSEC livetest tool does not
handle the ipseclive.conn and ipsec.olts.remote.log temporary files
securely.
Impact
=====
A local attacker could perform symlink...
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
Warning: Undefined array key "advisory_info" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/4179842_4c9dbbdde36eef04251a4ced7eac4df9 on line 11
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!