Dear Steffen Joeris,
Based on some code analysis and testing I'm sure the problem is not even
present in oldstable - no starter.pid is ever written and the subsys entry gets
created with -rw-r--r-- permissions so I would opt for closing this bug and the
corresponding security tracker entry as
Package: openswan
Severity: grave
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for openswan.
CVE-2011-2147[0]:
| Openswan 2.2.x does not properly restrict permissions for (1)
| /var/run/starter.pid,