FreeBSD : openvpn -- arbitrary code execution on client through malicious or compromised server (6129fdc7-6462-456d-a3ef-8fc3fbf44d16)

high Nessus Plugin ID 21438

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

James Yonan reports:

A format string vulnerability in the foreign_option function in options.c could potentially allow a malicious or compromised server to execute arbitrary code on the client. Only non-Windows clients are affected. The vulnerability only exists if (a) the client's TLS negotiation with the server succeeds, (b) the server is malicious or has been compromised such that it is configured to push a maliciously crafted options string to the client, and (c) the client indicates its willingness to accept pushed options from the server by having 'pull' or 'client' in its configuration file (Credit: Vade79).

Solution

Update the affected package.

See Also

https://www.securityfocus.com/archive/1/415293/30/0/threaded

https://openvpn.net/community-resources/changelog-for-openvpn-2-1/

http://www.nessus.org/u?948a207d

Plugin Details

Severity: High

ID: 21438

File Name: freebsd_pkg_6129fdc76462456da3ef8fc3fbf44d16.nasl

Version: 1.16

Type: local

Published: 5/13/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:openvpn, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 11/1/2005

Vulnerability Publication Date: 10/31/2005

Reference Information

CVE: CVE-2005-3393