CVE-2011-2147 in Openswaninfo

Summary

by MITRE

Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly bypass disk quotas by writing arbitrary data to a file, as demonstrated by files with 0666 permissions, a different vulnerability than CVE-2011-1784.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 04/24/2019

The vulnerability described in CVE-2011-2147 affects Openswan version 2.2.x and represents a significant security flaw in the IPsec starter component that impacts system integrity and process isolation. This issue stems from improper permission handling for critical system files that are essential for IPsec service management. The vulnerability manifests through two specific files: /var/run/starter.pid and /var/lock/subsys/ipsec, both of which are configured with overly permissive 0666 permissions that allow any local user to write arbitrary data to these locations. This misconfiguration creates a path for privilege escalation and process manipulation that directly violates fundamental security principles of access control and system isolation.

The technical flaw in Openswan 2.2.x stems from the failure to implement proper file permission controls for system management files that are crucial for IPsec service operation. When these files are created with world-writable permissions, they become attack vectors that enable local users to manipulate the IPsec service in potentially harmful ways. The /var/run/starter.pid file contains the process identifier of the IPsec starter daemon, while the /var/lock/subsys/ipsec file serves as a lock file to indicate service status. Both files are created with 0666 permissions, which means that any user can write to them, creating opportunities for malicious activity. This flaw directly relates to CWE-732, which addresses inadequate permissions for critical system resources, and represents a classic example of insecure default permissions in system services.

The operational impact of this vulnerability extends beyond simple privilege escalation to encompass broader system compromise potential. Local attackers can exploit these weak permissions to kill arbitrary processes by writing malicious PIDs to the starter.pid file, effectively allowing them to terminate critical system processes including the IPsec service itself. Additionally, the vulnerability enables potential disk quota bypass mechanisms where attackers can write arbitrary data to the lock file to consume disk space or manipulate system resources. This type of attack aligns with ATT&CK technique T1059, which involves executing malicious code through system processes, and T1490, which covers data destruction and resource consumption. The vulnerability creates a persistent threat vector that could be exploited by both malicious insiders and external attackers who gain local access to the system.

The security implications of CVE-2011-2147 represent a fundamental failure in the principle of least privilege and proper system hardening. The 0666 permissions on these critical files violate standard security practices that require restrictive access controls on system management files. This vulnerability demonstrates the importance of proper file permission management in security-critical applications and highlights how seemingly minor configuration errors can create significant attack surfaces. System administrators should immediately address this issue by ensuring that the starter.pid and ipsec lock files are created with appropriate permissions that restrict write access to authorized processes only. The vulnerability also underscores the need for regular security audits of system service configurations and proper implementation of security baselines that prevent such misconfigurations from occurring in production environments. This issue serves as a reminder of the critical importance of maintaining secure default configurations in security software and the potential consequences of failing to implement proper access controls for system management files.

Reservation

05/20/2011

Disclosure

05/20/2011

Moderation

accepted

Entry

VDB-57486

CPE

ready

EPSS

0.00345

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!