Hi all, I have just received the following bug report from the Debian Bug Track System:
-- From: Hendrik Weimer <hend...@enyo.de> As described in http://www.osreviews.net/reviews/security/openvpn OpenVPN contains a security hole that allows a malicious VPN server to take over connected clients. OpenVPN allows to push environment variables to a client via 'push setenv ...'. Using LD_PRELOAD it is possible to run arbitrary code as root. The only prerequisite is that the attacker needs to control a file on the victim's computer, e.g. by returning a specially crafted document upon web access. A possible solution would be to prefix all pushed environment variables with something like 'OPENVPN_'. -- What's your opinion on this? Thanks, Alberto -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3
