FreeBSD : openvpn -- LD_PRELOAD code execution on client through malicious or compromised server (be4ccb7b-c48b-11da-ae12-0002b3b60e4c)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Hendrik Weimer reports :

OpenVPN clients are a bit too generous when accepting configuration
options from a server. It is possible to transmit environment
variables to client-side shell scripts. There are some filters in
place to prevent obvious nonsense, however they don't catch the good
old LD_PRELOAD trick. All we need is to put a file onto the client
under a known location (e.g. by returning a specially crafted document
upon web access) and we have a remote root exploit. But since the
attack may only come from authenticated servers, this threat is
greatly reduced.

See also :

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 9.0

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21505 (freebsd_pkg_be4ccb7bc48b11daae120002b3b60e4c.nasl)

Bugtraq ID:

CVE ID: CVE-2006-1629
