Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1629

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2006-1629
Last Modified 07 Mar 2011 09:33:27
Published 06 Apr 2006 06:04:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-1629

Summary

OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.

Vulnerable Systems

Application

  • Openvpn 2.0

  • Openvpn 2.0.1

  • Openvpn 2.0.2

  • Openvpn 2.0.3

  • Openvpn 2.0.4

  • Openvpn 2.0.5


References

BID - 17392

SECUNIA - 19531

CONFIRM - http://openvpn.net/changelog.html

VUPEN - ADV-2006-1261

MISC - http://www.osreviews.net/reviews/security/openvpn-print

CONFIRM - http://sourceforge.net/mailarchive/forum.php?thread_id=10093825&forum_id=8482

XF - openvpn-ldpreload-code-execution(25667)

OSVDB - 24444

SUSE - SUSE-SR:2006:009

MANDRIVA - MDKSA-2006:069

DEBIAN - DSA-1045

SECUNIA - 19897

SECUNIA - 19837

SECUNIA - 19598


Last Updated: 27 May 2016 10:42:09