[Openvpn-users] OpenVPN 2.0.6 released

[James Yonan <jim@xxxxxxxxx>]

2006.04.05 -- Version 2.0.6

* Security Vulnerability affecting OpenVPN 2.0 through 2.0.5.
 An OpenVPN client connecting to a
 malicious or compromised server could potentially receive
 "setenv" configuration directives from the server which could
 cause arbitrary code execution on the client via a LD_PRELOAD
 attack.  A successful attack appears to require that (a) the
 client has agreed to allow the server to push configuration
 directives to it by including "pull" or the macro "client" in
 its configuration file, (b) the client configuration file uses
 a scripting directive such as "up" or "down", (c) the client
 successfully authenticates the server, (d) the server is
 malicious or has been compromised and is under the control of
 the attacker, and (e) the attacker has at least some level of
 pre-existing control over files on the client (this might be
 accomplished by having the server respond to a client web
 request with a specially crafted file). Credit: Hendrik Weimer.
 The fix is to disallow "setenv" to be pushed to clients from
 the server.  For those who need this capability, OpenVPN
 2.1 supports a new "setenv-safe" directive which is free
 of this vulnerability.

 A patch is available to fix the vulnerability for all
 affected OpenVPN versions (2.0 -> 2.0.5):

 http://openvpn.net/patch/2.0.6-security-patches/setenv.patch

* When deleting routes under Linux, use the route metric
 as a differentiator to ensure that the route teardown
 process only deletes the identical route which was originally
 added via the "route" directive (Roy Marples).

* Fix the t_cltsrv.sh file in FreeBSD 4 jails
 (Matthias Andree, Dirk Meyer, Vasil Dimov).

* Extended tun device configure code to support ethernet
 bridging on NetBSD (Emmanuel Kasper).

James


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users