FreeBSD : openvpn -- arbitrary code execution on client through malicious or compromised server (6129fdc7-6462-456d-a3ef-8fc3fbf44d16)

High Nessus Plugin ID 21438


The remote FreeBSD host is missing a security-related update.


James Yonan reports :

A format string vulnerability in the foreign_option function in options.c could potentially allow a malicious or compromised server to execute arbitrary code on the client. Only non-Windows clients are affected. The vulnerability only exists if (a) the client's TLS negotiation with the server succeeds, (b) the server is malicious or has been compromised such that it is configured to push a maliciously crafted options string to the client, and (c) the client indicates its willingness to accept pushed options from the server by having 'pull' or 'client' in its configuration file (Credit: Vade79).


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 21438

File Name: freebsd_pkg_6129fdc76462456da3ef8fc3fbf44d16.nasl

Version: $Revision: 1.10 $

Type: local

Published: 2006/05/13

Modified: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:openvpn, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2005/11/01

Vulnerability Publication Date: 2005/10/31

Reference Information

CVE: CVE-2005-3393