Info |
Last Modified: about 1 year ago
Description |
OpenVPN contains a flaw that may allow a malicious user to execute arbitrary code. The issue arises because OpenVPN clients allow the server to transmit environment variables, including LD_PRELOAD, to client-side shell scripts via 'setenv' configuration directives. The flaw may allow arbitrary code execution if a file is placed in a known location and then loaded, resulting in a loss of integrity.
Classification |
Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Rumored / Private
Disclosure: OSVDB Verified
Technical |
A successful attack appears to require the following conditions:
(a) the client has agreed to allow the server to push configuration directives to it by including "pull" or the macro "client" in its configuration file
(b) the client configuration file uses a scripting directive such as "up" or "down"
(c) the client successfully authenticates the server
(d) the server is malicious or has been compromised and is under the control of the attacker
(e) the attacker has at least some level of pre-existing control over files on the client (this might be accomplished by having the server respond to a client web request with a specially crafted file)
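The following check is an added example, not part of the original entry or of OpenVPN itself: it audits a client configuration for conditions (a) and (b) and compares the installed version against the affected range listed in this entry. The sample configuration, the function names and the extra script directives beyond "up" and "down" are assumptions; conditions (c) to (e) depend on the server and the attacker and cannot be read from the client configuration.

```python
import re

PULL_DIRECTIVES = {"pull", "client"}   # condition (a), named in the entry
# "up" and "down" are named in the entry; the other hooks are an assumption
# about which additional OpenVPN script directives a client may use.
SCRIPT_DIRECTIVES = {"up", "down", "route-up", "ipchange", "tls-verify"}
AFFECTED = ((2, 0, 0), (2, 0, 6))      # 2.0 through 2.0.5; fixed in 2.0.6

# Constructed sample client configuration (not from the entry).
SAMPLE = """\
# constructed sample
client
dev tun
remote vpn.example.net 1194
;down /etc/openvpn/down.sh
up /etc/openvpn/update-resolv-conf
"""


def parse_directives(text):
    """Yield (line_no, directive, args) for each active config line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":   # blank or commented out
            continue
        parts = line.split()
        yield no, parts[0].lstrip("-"), " ".join(parts[1:])


def audit(text, version):
    """Report which of conditions (a) and (b) a client config satisfies."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    ver = tuple(int(g or 0) for g in m.groups())
    pulls, scripts = [], []
    for no, name, args in parse_directives(text):
        if name in PULL_DIRECTIVES:
            pulls.append((no, name))
        elif name in SCRIPT_DIRECTIVES:
            scripts.append((no, name, args))
    affected = AFFECTED[0] <= ver < AFFECTED[1]
    return {"pull": pulls, "scripts": scripts, "affected_version": affected,
            "exposed": bool(pulls and scripts and affected)}


if __name__ == "__main__":
    print(audit(SAMPLE, "2.0.5"))
```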
Solution |
Upgrade to version 2.0.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Products |
OpenVPN: 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5
Credit |
- Hendrik Weimer - hendrik enyo.de