W dniu 18.02.2016 o 19:08, Gert Doering pisze: > Hi, > > On Thu, Feb 18, 2016 at 06:08:02PM +0100, Jacek Wielemborek wrote: >> Well the attacker could send a funny packet with a valid checksum, >> encrypted and authenticated, right? > > Indeed, but that would be someone we trust enough to let him talk to > our network - protects against Joe Random from the Internet crashing > our servers (or burning CPU resources trying to). > > But yeah. Mistakes do happen :-) - so software shouldn't ever crash > on malformed packets. > > gert >
Crashing alone isn't as dangerous as having memory errors that could lead to arbitrary code execution. Especially if OpenVPN is run as root, which is probably the case quite often, given that one of its most common use cases requires privileges to set up its own network interfaces...
signature.asc
Description: OpenPGP digital signature
