OpenVPN Client 'lladdr' and 'iproute' Configuration Directive Remote Code Execution Vulnerability
BID:30532
Info
| Bugtraq ID: | 30532 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2008-3459 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 04 2008 12:00AM |
| Updated: | May 07 2015 05:25PM |
| Credit: | David Wagner |
| Vulnerable: | OpenVPN OpenVPN 2.1-rc8, OpenVPN OpenVPN 2.1-beta14 |
| Not Vulnerable: | OpenVPN OpenVPN 2.1-rc9 |
Discussion
In certain circumstances, the OpenVPN client is prone to a remote code-execution vulnerability when handling specially crafted configuration directives.
Attackers can leverage this issue to execute arbitrary code in the context of the application. Failed attacks will likely result in denial-of-service conditions.
NOTE: Only non-Windows clients are affected.
This issue affects OpenVPN clients 2.1-beta14 through 2.1-rc8.
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Vendor fixes are available. Please see the references for more information.
OpenVPN OpenVPN 2.1-beta14
- OpenVPN openvpn-2.1_rc9.tar.gz: http://openvpn.net/release/openvpn-2.1_rc9.tar.gz

OpenVPN OpenVPN 2.1-rc8
- OpenVPN openvpn-2.1_rc9.tar.gz: http://openvpn.net/release/openvpn-2.1_rc9.tar.gz
References
References:
- 2.1 Change Log (OpenVPN)
- OpenVPN Homepage (OpenVPN)