[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-devel] OpenVPN 2.0.6 released


  • Subject: Re: [Openvpn-devel] OpenVPN 2.0.6 released
  • From: Matthias Andree <matthias.andree@xxxxxx>
  • Date: Wed, 5 Apr 2006 12:22:56 +0200

On Wed, 05 Apr 2006, James Yonan wrote:

> 2006.04.05 -- Version 2.0.6
> 
> * Security Vulnerability affecting OpenVPN 2.0 through 2.0.5.
>  An OpenVPN client connecting to a
>  malicious or compromised server could potentially receive
>  "setenv" configuration directives from the server which could
>  cause arbitrary code execution on the client via a LD_PRELOAD
>  attack.  A successful attack appears to require that (a) the
...

James:

What is the MITRE CVE name for this vulnerability?

Thanks,

-- 
Matthias Andree