oss-sec mailing list archives

Re: CVE request: OpenVPN (client) 2.1-beta14 through 2.1-rc8

From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 4 Aug 2008 14:48:29 -0400 (EDT)


======================================================
Name: CVE-2008-3459
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3459
Reference: CONFIRM:http://openvpn.net/index.php/documentation/change-log/changelog-21.html

Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when
running on non-Windows systems, allows remote servers to execute
arbitrary commands via crafted (1) "lladdr" and (2) "iproute"
configuration directives, probably related to shell metacharacters.

Current thread:

CVE request: OpenVPN (client) 2.1-beta14 through 2.1-rc8 Tomas Hoger (Aug 03)
- Re: CVE request: OpenVPN (client) 2.1-beta14 through 2.1-rc8 Steven M. Christey (Aug 04)