This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.

Hendrik Weimer reports :
OpenVPN clients are a bit too generous when accepting configuration
options from a server. It is possible to transmit environment
variables to client-side shell scripts. There are some filters in
place to prevent obvious nonsense, however they don't catch the good
old LD_PRELOAD trick. All we need is to put a file onto the client
under a known location (e.g. by returning a specially crafted document
upon web access) and we have a remote root exploit. But since the
attack may only come from authenticated servers, this threat is
See also :

Update the affected package.

Risk factor : High / CVSS Base Score : 9.0