Remote Code Execution Vulnerability in OpenVPN by OpenVPN Technologies
CVE-2006-1629

Currently unrated

Key Information:

Vendor: Openvpn
Status: Openvpn; Openvpn Access Server
Vendor: CVE Published:; 6 April 2006

Summary

A remote code execution vulnerability exists in OpenVPN versions 2.0 through 2.0.5 that allows attackers to execute arbitrary code on the client side. This exploitation is made possible through manipulation of the LD_PRELOAD environment variable via the setenv function. Malicious servers can exploit this flaw, posing a significant security risk to users of the OpenVPN software. It is advised that users upgrade to secure versions and follow best practices to mitigate exposure to this vulnerability.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25667

vdb-entryx_refsource_XF

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://www.vupen.com/english/advisories/2006/1261

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Apr 6, 2006
Vulnerability Reserved
Apr 5, 2006