Summary
The host is running the OpenVPN client, which is prone to a remote code execution vulnerability.
Impact
Remote attackers could execute arbitrary code on the client.
Successful exploitation requires that:
- the client agrees to allow the server to push configuration directives to it by including pull or the macro client in its configuration file.
- the client successfully authenticates the server.
- the server is malicious or has been compromised and is under the control of the attacker.
Impact Level: Application/System
Solution
Upgrade to a higher version of the non-Windows OpenVPN client, OpenVPN 2.1-rc9: http://openvpn.net/index.php/downloads.html
Insight
The application fails to properly validate specially crafted input passed to the lladdr/iproute configuration directives.
Affected
Non-Windows OpenVPN client OpenVPN 2.1-beta14 to OpenVPN 2.1-rc8
References
Severity
Classification
CVE: CVE-2008-3459
CVSS Base Score: 7.6
AV:N/AC:H/Au:N/C:C/I:C/A:C