FreeBSD : openvpn -- arbitrary code execution on client through malicious or compromised server (6129fdc7-6462-456d-a3ef-8fc3fbf44d16)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

James Yonan reports :

A format string vulnerability in the foreign_option function in
options.c could potentially allow a malicious or compromised server to
execute arbitrary code on the client. Only non-Windows clients are
affected. The vulnerability only exists if (a) the client's TLS
negotiation with the server succeeds, (b) the server is malicious or
has been compromised such that it is configured to push a maliciously
crafted options string to the client, and (c) the client indicates its
willingness to accept pushed options from the server by having 'pull'
or 'client' in its configuration file (Credit: Vade79).

See also :

http://www.securityfocus.com/archive/1/415293/30/0/threaded
http://openvpn.net/changelog.html
http://www.nessus.org/u?3be7607e

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21438 (freebsd_pkg_6129fdc76462456da3ef8fc3fbf44d16.nasl)

Bugtraq ID:

CVE ID: CVE-2005-3393

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now