FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  321237
Date:      2013-06-19
Time:      11:08:02Z
Committer: cs

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
be4ccb7b-c48b-11da-ae12-0002b3b60e4c	openvpn -- LD_PRELOAD code execution on client through malicious or compromised server Hendrik Weimer reports: OpenVPN clients are a bit too generous when accepting configuration options from a server. It is possible to transmit environment variables to client-side shell scripts. There are some filters in place to prevent obvious nonsense, however they don't catch the good old LD_PRELOAD trick. All we need is to put a file onto the client under a known location (e.g. by returning a specially crafted document upon web access) and we have a remote root exploit. But since the attack may only come from authenticated servers, this threat is greatly reduced. Discovery 2006-04-03 Entry 2006-04-05 Modified 2006-04-06 openvpn ge 2.0 lt 2.0.6 CVE-2006-1629 http://www.osreviews.net/reviews/security/openvpn-print http://openvpn.net/changelog.html http://sourceforge.net/mailarchive/message.php?msg_id=15298074
be4ccb7b-c48b-11da-ae12-0002b3b60e4c	openvpn -- LD_PRELOAD code execution on client through malicious or compromised server Hendrik Weimer reports: OpenVPN clients are a bit too generous when accepting configuration options from a server. It is possible to transmit environment variables to client-side shell scripts. There are some filters in place to prevent obvious nonsense, however they don't catch the good old LD_PRELOAD trick. All we need is to put a file onto the client under a known location (e.g. by returning a specially crafted document upon web access) and we have a remote root exploit. But since the attack may only come from authenticated servers, this threat is greatly reduced. Discovery 2006-04-03 Entry 2006-04-05 Modified 2006-04-06 openvpn ge 2.0 lt 2.0.6 CVE-2006-1629 http://www.osreviews.net/reviews/security/openvpn-print http://openvpn.net/changelog.html http://sourceforge.net/mailarchive/message.php?msg_id=15298074

VuXML ID

Description

be4ccb7b-c48b-11da-ae12-0002b3b60e4c

openvpn -- LD_PRELOAD code execution on client through malicious or compromised server

Hendrik Weimer reports:

OpenVPN clients are a bit too generous when accepting configuration options from a server. It is possible to transmit environment variables to client-side shell scripts. There are some filters in place to prevent obvious nonsense, however they don't catch the good old LD_PRELOAD trick. All we need is to put a file onto the client under a known location (e.g. by returning a specially crafted document upon web access) and we have a remote root exploit. But since the attack may only come from authenticated servers, this threat is greatly reduced.

Discovery 2006-04-03
Entry 2006-04-05
Modified 2006-04-06
openvpn

ge 2.0 lt 2.0.6