• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

OpenVPN Client Remote Code Execution Vulnerability

OpenVPN is reported prone to a remote code-execution vulnerability. This issue is due to a lack of proper sanitization of server-supplied data.

A remote attacker may exploit this issue to execute arbitrary code with elevated privileges on a vulnerable computer to gain unauthorized access.

To be vulnerable to this issue, client OpenVPN computers must be configured to use 'up' or 'down' scripts and must have either the 'pull' configuration directive or a 'client' macro set up.

OpenVPN versions 2.0.0 through 2.0.5 are affected by this issue.