Executive Summary
| Summary | |
|---|---|
| Title | New OpenVPN packages fix arbitrary code execution |
| Informations | |||
|---|---|---|---|
| Name | DSA-1045 | First vendor Publication | 2006-04-27 |
| Vendor | Debian | Last vendor Modification | 2006-04-27 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Hendrik Weimer discovered that OpenVPN, the Virtual Private Network daemon, allows to push environment variables to a client allowing a malicious VPN server to take over connected clients. the old stable distribution (woody) does not contain openvpn packages. For the stable distribution (sarge) this problem has been fixed in version 2.0-1sarge3. For the unstable distribution (sid) this problem has been fixed in version 2.0.6-1. We recommend that you upgrade your openvpn package. |
Original Source
| Url : http://www.debian.org/security/2006/dsa-1045 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 | |
| Application | 4 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-04 | Name : FreeBSD Ports: openvpn File : nvt/freebsd_openvpn5.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1045-1 (openvpn) File : nvt/deb_1045_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 24444 | OpenVPN LD_PRELOAD Environment Variable Pushing Arbitrary Code Execution OpenVPN contains a flaw that may allow a malicious user to execute arbitrary code. The issue is caused due to OpenVPN clients allowing the server to transmit environment variables including LD_PRELOAD to client-side shell scripts via 'setenv' configuration directives. It is possible that the flaw may allow arbitrary code execution by placing and loading a file in a known location resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1045.nasl - Type : ACT_GATHER_INFO |
| 2006-05-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_be4ccb7bc48b11daae120002b3b60e4c.nasl - Type : ACT_GATHER_INFO |
| 2006-04-11 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2006-069.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:25:43 |
|
