Bug#: 128888
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Roy Marples (RETIRED) <uberlord@gentoo.org>

Description:   Opened: 2006-04-05 03:22 0000
Security Vulnerability affecting OpenVPN 2.0 through 2.0.5.
  An OpenVPN client connecting to a
  malicious or compromised server could potentially receive
  "setenv" configuration directives from the server which could
  cause arbitrary code execution on the client via a LD_PRELOAD
  attack.  A successful attack appears to require that (a) the
  client has agreed to allow the server to push configuration
  directives to it by including "pull" or the macro "client" in
  its configuration file, (b) the client configuration file uses
  a scripting directive such as "up" or "down", (c) the client
  successfully authenticates the server, (d) the server is
  malicious or has been compromised and is under the control of
  the attacker, and (e) the attacker has at least some level of
  pre-existing control over files on the client (this might be
  accomplished by having the server respond to a client web
  request with a specially crafted file).
  The fix is to disallow "setenv" to be pushed to clients from
  the server.  For those who need this capability, OpenVPN
  2.1 supports a new "setenv-safe" directive which is free
  of this vulnerability.

2.0.6 is in the tree and works from a brief test. We don't ship any default
configs, so we don't suffer from this by default.
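
Added example (not part of the original report, and not OpenVPN or Gentoo code): a Python check that audits a client config for the two preconditions visible in the config file, (a) and (b), and a filter that rejects a pushed "setenv" while keeping other options, as the fix above describes. The sample config, the pushed option list, the function names and the script directives beyond "up" and "down" are assumptions of this example; conditions (c) through (e) cannot be read from a config file.

```python
# Script-running directives. The report names "up" and "down"; the other
# entries are assumptions of this example, added for wider coverage.
SCRIPT_DIRECTIVES = {"up", "down", "ipchange", "route-up", "tls-verify"}
PULL_DIRECTIVES = {"pull", "client"}  # condition (a) in the report

# Constructed sample client config (not taken from the bug report).
SAMPLE_CLIENT_CONF = """\
client
remote vpn.example.org 1194
; down /etc/openvpn/down.sh
up /etc/openvpn/up.sh
"""


def directive_names(config_text):
    """Return the set of directive names on non-comment config lines."""
    names = set()
    for line in config_text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":
            continue  # blank line or comment
        name = fields[0]
        names.add(name[2:] if name.startswith("--") else name)
    return names


def exposure(config_text):
    """Report which config-visible preconditions, (a) and (b), hold."""
    names = directive_names(config_text)
    return {
        "accepts_pushed_options": bool(names & PULL_DIRECTIVES),
        "runs_scripts": bool(names & SCRIPT_DIRECTIVES),
    }


def filter_pushed(options):
    """Split pushed options into (kept, rejected), rejecting only "setenv"."""
    kept, rejected = [], []
    for opt in options:
        fields = opt.split()
        # Exact match on the directive name, so "setenv-safe" is kept.
        if fields and fields[0] == "setenv":
            rejected.append(opt)
        else:
            kept.append(opt)
    return kept, rejected
```

A config for which both values are true on OpenVPN 2.0 through 2.0.5 meets the config-side conditions and should be moved to 2.0.6.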

------- Comment #1 From Stefan Cornelius (RETIRED) 2006-04-05 09:32:38 0000 -------
arches please test and mark 2.0.6 stable, thank you.

------- Comment #2 From Tobias Scherbaum 2006-04-05 11:35:23 0000 -------
ppc stable

------- Comment #3 From Gustavo Zacarias (RETIRED) 2006-04-05 12:07:43 0000 -------
sparc stable.

------- Comment #4 From Patrick McLean 2006-04-05 13:35:41 0000 -------
stable on amd64

------- Comment #5 From Andrej Kacian (RETIRED) 2006-04-05 14:11:42 0000 -------
x86 happy!

------- Comment #6 From René Nussbaumer 2006-04-07 09:05:39 0000 -------
stable on hppa

------- Comment #7 From Bryan Østergaard (RETIRED) 2006-04-08 10:05:39 0000 -------
Alpha stable.

------- Comment #8 From Fabian Groffen 2006-04-09 01:52:44 0000 -------
ppc-macos stable

------- Comment #9 From Sune Kloppenborg Jeppesen 2006-04-09 03:41:56 0000 -------
Thx everyone. Closing with NO GLSA (C4).
