[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-devel] OpenVPN 2.1-beta12 released


  • Subject: Re: [Openvpn-devel] OpenVPN 2.1-beta12 released
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Wed, 05 Apr 2006 12:54:36 -0600

James Yonan wrote:
2006.04.05 -- Version 2.1-beta12

* Security Vulnerability -- An OpenVPN client connecting to a
malicious or compromised server could potentially receive
"setenv" configuration directives from the server which could
cause arbitrary code execution on the client via a LD_PRELOAD
attack...
This vulnerability has been assigned the name CVE-2006-1629.

James