CVE-2008-4190

Name	CVE-2008-4190
Description	The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1760-1
Debian Bugs	496374

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
openswan	source	etch	1:2.4.6+dfsg.2-1.1+etch1		DSA-1760-1
openswan	source	lenny	1:2.4.12+dfsg-1.3+lenny1		DSA-1760-1
openswan	source	(unstable)	1:2.4.12+dfsg-1.3	low		496374

Notes

[etch] - openswan <no-dsa> (Vulnerable code only in example script)