FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openvpn -- arbitrary code execution on client through malicious or compromised server

Affected packages
2.0 <= openvpn < 2.0.4

Details

VuXML ID 6129fdc7-6462-456d-a3ef-8fc3fbf44d16
Discovery 2005-10-31
Entry 2005-11-01
Modified 2005-11-04

James Yonan reports:

A format string vulnerability in the foreign_option function in options.c could potentially allow a malicious or compromised server to execute arbitrary code on the client. Only non-Windows clients are affected. The vulnerability only exists if (a) the client's TLS negotiation with the server succeeds, (b) the server is malicious or has been compromised such that it is configured to push a maliciously crafted options string to the client, and (c) the client indicates its willingness to accept pushed options from the server by having "pull" or "client" in its configuration file (Credit: Vade79).

References

CVE Name CVE-2005-3393
Message http://www.securityfocus.com/archive/1/415293/30/0/threaded
URL http://openvpn.net/changelog.html