CVE-2006-1629 — Openvpn vulnerability

5 documents5 sources

Severity

9.0CRITICALNVD

EPSS

3.6%

top 12.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openvpn Debian Openvpn Openvpn Access Server

Timeline

PublishedApr 6

Latest updateMay 1

Description

OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages4 packages

▶debiandebian/openvpn< openvpn 2.0.6-1 (bookworm)

▶Debianopenvpn/openvpn< 2.0.6-1+3

▶NVDopenvpn/openvpn2.0, 2.0.4+1

▶NVDopenvpn/openvpn_access_server4 versions+3

Patches

Patch: openvpn.net ↗Patch: secunia.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-8fqr-f734-rf7m: OpenVPN 2↗2022-05-01

▶

OSV

CVE-2006-1629: OpenVPN 2↗2006-04-06

▶

📋Vendor Advisories

Debian

CVE-2006-1629: openvpn - OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary c...↗2006

▶

💬Community

Bugzilla

openvpn LD_PRELOAD vulnerability CVE-2006-1629↗2006-04-05

▶