Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 372961 (CVE-2011-2147) - <net-misc/openswan-2.6.37: DOS (CVE-2011-2147)
Summary: <net-misc/openswan-2.6.37: DOS (CVE-2011-2147)
Status: RESOLVED FIXED
Alias: CVE-2011-2147
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B4 [glsa]
Keywords:
Depends on: CVE-2011-4073
Blocks:
  Show dependency tree
 
Reported: 2011-06-25 12:19 UTC by GLSAMaker/CVETool Bot
Modified: 2012-03-16 11:15 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2011-06-25 12:19:00 UTC
CVE-2011-2147 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2147):
  Openswan 2.2.x does not properly restrict permissions for (1)
  /var/run/starter.pid, related to starter.c in the IPsec starter, and (2)
  /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes
  by writing a PID to a file, or possibly bypass disk quotas by writing
  arbitrary data to a file, as demonstrated by files with 0666 permissions, a
  different vulnerability than CVE-2011-1784.
Comment 1 Sean Amoss gentoo-dev Security 2012-03-06 21:13:04 UTC
Adding to GLSA request with bug 389097.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2012-03-16 11:15:23 UTC
This issue was resolved and addressed in
 GLSA 201203-13 at http://security.gentoo.org/glsa/glsa-201203-13.xml
by GLSA coordinator Sean Amoss (ackle).