Vulnerabilities > Openswan > Openswan > 1.0.8

DATE CVE VULNERABILITY TITLE RISK
2008-09-24 CVE-2008-4190 Link Following vulnerability in multiple products
The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files.
4.4