Openswan · Openswan · CVE-2008-4190
**Name of the Vulnerable Software and Affected Versions**
Openswan versions 2.4.12 and earlier
Openswan versions 2.6.x through 2.6.16
**Description**
The issue allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files, potentially compromising the confidentiality, integrity, and availability of protected information. Exploitation requires local access.
**Recommendations**
For Openswan versions 2.4.12 and earlier, consider disabling the IPSEC livetest tool until a patch is available.
For Openswan versions 2.6.x through 2.6.16, consider disabling the IPSEC livetest tool until a patch is available.
As a temporary workaround, consider restricting access to the temporary files `ipseclive.conn` and `ipsec.olts.remote.log` to minimize the risk of exploitation.
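The following audit script is an added example, not part of the advisory or of Openswan. It supports the workaround above by checking whether either named temporary file is a symlink, a non-regular file, owned by another user, or accessible to group or other. The directory to inspect is an assumption (the advisory does not state it), as are the function names.

```shell
#!/bin/sh
# Added example (not Openswan code): audit the two temp-file names from the advisory.
# Assumption: the files live in the directory passed as $1 (default: ${TMPDIR:-/tmp}).
LIVETEST_FILES="ipseclive.conn ipsec.olts.remote.log"

# Return 0 if the path is absent or a private regular file owned by the caller,
# 1 otherwise. One finding line is printed either way.
check_livetest_file() {
    f=$1
    # Test for a link first: -e and -f follow symlinks, -L does not.
    if [ -L "$f" ]; then
        echo "UNSAFE symlink: $f -> $(readlink "$f")"; return 1
    fi
    if [ ! -e "$f" ]; then
        echo "ok (absent): $f"; return 0
    fi
    if [ ! -f "$f" ]; then
        echo "UNSAFE not a regular file: $f"; return 1
    fi
    if [ ! -O "$f" ]; then
        echo "UNSAFE not owned by $(id -un): $f"; return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "UNSAFE group/other access ($perms): $f"; return 1
    fi
    echo "ok (private regular file): $f"; return 0
}

# Check every advisory file name in DIR; the return code is the number of unsafe entries.
audit_livetest_dir() {
    dir=${1:-${TMPDIR:-/tmp}}
    unsafe=0
    for name in $LIVETEST_FILES; do
        check_livetest_file "$dir/$name" || unsafe=$((unsafe + 1))
    done
    return "$unsafe"
}

# Run only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_livetest_dir "$1"
fi
```

Run it as the account that runs the livetest tool, since the ownership check compares against the caller.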