On Wed, 2 Nov 2005, Jason Haar wrote:

> James Yonan wrote:
>
> > * Security fix -- Affects non-Windows OpenVPN clients of
> > version 2.0 or higher which connect to a malicious or
> > compromised server.
>
> I must say I think saying this is a "security hole" is a bit of a
> stretch! Someone would have to connect to a compromised server in order
> to be affected. Well that is basically the same as running an executable
> someone you don't know sent you - it's a "stupidly exploit" - not a
> software exploit! :-)
>
> Even if it was a MITM attack, you would have had to disable OpenVPN's
> built-in cert-checking components before this would work, along with
> "tls-auth"... I just can't imagine this exploit occurring in the real
> world... Have I missed something?

I would agree that this exploit is somewhat theoretical -- even the
original bugtraq poster acknowledged that OpenVPN's string remapping code
would make it difficult to exploit. And then of course the exploit isn't
even feasible unless the server has already been compromised by other
means.

But it _is_ a string format vulnerability with the potential for remote
exploitation, and I think putting it in the security issue category is in
keeping with the spirit of "full disclosure".

James

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
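The class of bug the thread is arguing about, as an added example that is not part of the original message and not OpenVPN's own code: a client formats text pushed by the server, and the question is whether that text is passed as the format string or as an argument. The block also shows the kind of "string remapping" mitigation James refers to, written here as an assumed allow-list filter (the allowed character set, the option strings, and all function names are constructed for illustration; the exact filter OpenVPN applies is not stated on this page).

```c
/* Added example: server-pushed option text handled three ways.
 * Not OpenVPN source. The option strings and the allow-list are
 * constructed for this illustration. */
#include <stdio.h>
#include <string.h>

/* Constructed sample options, as a client might receive them from a server. */
#define BENIGN_OPTION  "dhcp-option DNS 10.8.0.1"
#define HOSTILE_OPTION "dhcp-option DNS %x.%x.%n"

/* Vulnerable pattern: the server-controlled text *is* the format string.
 * With HOSTILE_OPTION the %x and %n conversions read and write memory the
 * server chooses. Shown only for the shape of the bug; it is never called
 * on hostile input below. */
static int log_option_vulnerable(char *out, size_t outlen, const char *opt)
{
    return snprintf(out, outlen, opt);
}

/* Hardened pattern: the untrusted text is an argument; '%' stays literal. */
static int log_option_safe(char *out, size_t outlen, const char *opt)
{
    return snprintf(out, outlen, "PUSH: %s", opt);
}

/* Assumed remap filter in the spirit of the "string remapping" mentioned in
 * the thread: every byte outside a conservative allow-list is replaced by
 * '_' before the option is stored or printed anywhere. Returns the number
 * of bytes changed. The allow-list itself is an assumption of this example. */
static int remap_option(char *s)
{
    static const char allowed[] = "abcdefghijklmnopqrstuvwxyz"
                                  "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                                  "0123456789 .:-_/";
    int changed = 0;
    for (; *s; s++) {
        if (strchr(allowed, *s) == NULL) {
            *s = '_';
            changed++;
        }
    }
    return changed;
}

/* Helper: remap a copy of `opt` and report how many bytes were rewritten. */
static int remap_count(const char *opt)
{
    char tmp[64];
    if (strlen(opt) >= sizeof tmp)
        return -1;                  /* too long for this demo buffer */
    strcpy(tmp, opt);
    return remap_option(tmp);
}

/* Runs the hostile option through both mitigations. Returns 1 when the safe
 * formatter keeps '%' literal and the remap turns every '%' into '_'. */
static int demo(void)
{
    char buf[128];
    char opt[64];

    log_option_safe(buf, sizeof buf, HOSTILE_OPTION);
    if (strcmp(buf, "PUSH: dhcp-option DNS %x.%x.%n") != 0)
        return 0;

    strcpy(opt, HOSTILE_OPTION);    /* fits: HOSTILE_OPTION is far below 64 bytes */
    if (remap_option(opt) != 3)
        return 0;
    if (strcmp(opt, "dhcp-option DNS _x._x._n") != 0)
        return 0;
    return 1;
}

int main(void)
{
    char buf[128];

    /* Only safe because BENIGN_OPTION contains no '%'. */
    log_option_vulnerable(buf, sizeof buf, BENIGN_OPTION);
    printf("vulnerable formatter on benign input: %s\n", buf);

    log_option_safe(buf, sizeof buf, HOSTILE_OPTION);
    printf("safe formatter on hostile input:      %s\n", buf);

    printf("remap changed %d bytes of the hostile option\n",
           remap_count(HOSTILE_OPTION));
    return demo() ? 0 : 1;
}
```

The two mitigations are independent: passing the text as a `%s` argument removes the bug outright, while the remap only narrows what an attacker can send, which is why James calls the issue hard to exploit rather than unexploitable. Note that the remap also rewrites bytes a legitimate option might need (for example an IPv6 address contains `:`, which is allowed here, but a hostname with `_` is already indistinguishable from a remapped byte), so in real code the allow-list has to be chosen per option type.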