FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-1629

This CVE name corresponds to:

Entered Topic
2006-04-05 openvpn -- LD_PRELOAD code execution on client through malicious or compromised server

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2006-1629
Phase Assigned(20060405)

Description

OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.

References

Source Reference
MISC http://www.osreviews.net/reviews/security/openvpn-print
CONFIRM http://openvpn.net/changelog.html
CONFIRM http://sourceforge.net/mailarchive/forum.php?thread_id=10093825&forum_id=8482
DEBIAN DSA-1045
MANDRIVA MDKSA-2006:069
SUSE SUSE-SR:2006:009
BID 17392
VUPEN ADV-2006-1261
OSVDB 24444
SECUNIA 19531
SECUNIA 19598
SECUNIA 19837
SECUNIA 19897
XF openvpn-ldpreload-code-execution(25667)