CVE-2013-7283 — Race Condition in Libreswan

CWE-362 — Race Condition5 documents5 sources

Severity

9.3CRITICALNVD

EPSS

0.3%

top 44.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libreswan Debian Libreswan

Timeline

PublishedJan 9

Latest updateMay 17

Description

Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecified impact and attack vectors, involving the /var/tmp/libreswan-nss-pwd temporary file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶debiandebian/libreswan

▶NVDlibreswan/libreswan3.6

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-gf3q-3q8v-qphc: Race condition in the libreswan↗2022-05-17

▶

📋Vendor Advisories

Red Hat

libreswan: insecure tmp files on rpm package installation↗2013-11-08

▶

Debian

CVE-2013-7283: libreswan - Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) a...↗2013

▶

💬Community

Bugzilla

CVE-2013-7283 libreswan: insecure tmp files on rpm package installation↗2014-01-09

▶