FreeBSD : openvpn -- arbitrary code execution on client through malicious or compromised server (6129fdc7-6462-456d-a3ef-8fc3fbf44d16)
High Nessus Plugin ID 21438
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionJames Yonan reports :
A format string vulnerability in the foreign_option function in options.c could potentially allow a malicious or compromised server to execute arbitrary code on the client. Only non-Windows clients are affected. The vulnerability only exists if (a) the client's TLS negotiation with the server succeeds, (b) the server is malicious or has been compromised such that it is configured to push a maliciously crafted options string to the client, and (c) the client indicates its willingness to accept pushed options from the server by having 'pull' or 'client' in its configuration file (Credit: Vade79).
SolutionUpdate the affected package.