Package: openvpn Version: 2.0.5-1 Severity: important Tags: security As described in http://www.osreviews.net/reviews/security/openvpn OpenVPN contains a security hole that allows a malicious VPN server to take over connected clients.
OpenVPN allows to push environment variables to a client via 'push setenv ...'. Using LD_PRELOAD it is possible to run arbitrary code as root. The only prerequisite is that the attacker needs to control a file on the victim's computer, e.g. by returning a specially crafted document upon web access. A possible solution would be to prefix all pushed environment variables with something like 'OPENVPN_'. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
