CVE-2006-1629
Published 2006-04-06
CVE-2006-1629: OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.
Priority P342 · critical · 9 · CVSS 2.0
AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS: 3.02% (85.8th percentile)
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openvpn | < openvpn 2.0.6-1 (bookworm) | openvpn 2.0.6-1 (bookworm) |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | >= 0 < 2.0.6-1 | 2.0.6-1 |
| openvpn | openvpn | >= 0 < 2.0.6-1 | 2.0.6-1 |
| openvpn | openvpn | >= 0 < 2.0.6-1 | 2.0.6-1 |
| openvpn | openvpn | >= 0 < 2.0.6-1 | 2.0.6-1 |
| openvpn | openvpn_access_server | — | — |
| openvpn | openvpn_access_server | — | — |
| openvpn | openvpn_access_server | — | — |
| openvpn | openvpn_access_server | — | — |
CVSS provenance
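| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| osv | | 9.0 | CRITICAL | |
| vendor_debian | | 9.0 | MEDIUM | |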
Debian
CVE-2006-1629: openvpn - OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary c...
vendor_debian·2006·CVSS 9.0
CVE-2006-1629 [CRITICAL] CVE-2006-1629: openvpn - OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary c...
OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.
Scope: local
bookworm: resolved (fixed in 2.0.6-1)
bullseye: resolved (fixed in 2.0.6-1)
forky: resolved (fixed in 2.0.6-1)
sid: resolved (fixed in 2.0.6-1)
trixie: resolved (fixed in 2.0.6-1)
GHSA
GHSA-8fqr-f734-rf7m: OpenVPN 2
ghsa_unreviewed·2022-05-01
CVE-2006-1629 [HIGH] GHSA-8fqr-f734-rf7m: OpenVPN 2
OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.
OSV
CVE-2006-1629: OpenVPN 2
osv·2006-04-06·CVSS 9.0
CVE-2006-1629 [CRITICAL] CVE-2006-1629: OpenVPN 2
OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.
No detection rules found.
No public exploits indexed.
References
http://openvpn.net/changelog.html
http://secunia.com/advisories/19531
http://secunia.com/advisories/19598
http://secunia.com/advisories/19837
http://secunia.com/advisories/19897
http://sourceforge.net/mailarchive/forum.php?thread_id=10093825&forum_id=8482
http://www.debian.org/security/2006/dsa-1045
http://www.mandriva.com/security/advisories?name=MDKSA-2006:069
http://www.novell.com/linux/security/advisories/2006_04_28.html
http://www.osreviews.net/reviews/security/openvpn-print
http://www.osvdb.org/24444
http://www.securityfocus.com/bid/17392
http://www.vupen.com/english/advisories/2006/1261
https://exchange.xforce.ibmcloud.com/vulnerabilities/25667
Published: 2006-04-06