ID CVE-2006-1629
Summary OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable. OpenVPN version 2.0.6 fixes this vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:a:openvpn:openvpn:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:openvpn:openvpn:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openvpn:openvpn:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:openvpn:openvpn:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openvpn:openvpn_access_server:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:openvpn:openvpn_access_server:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openvpn:openvpn_access_server:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:openvpn:openvpn_access_server:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openvpn:openvpn_access_server:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:openvpn:openvpn_access_server:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openvpn:openvpn_access_server:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:openvpn:openvpn_access_server:2.0.5:*:*:*:*:*:*:*
CVSS
Base: 9.0 (as of 12-05-2020 - 14:21)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:C/I:C/A:C
refmap via4
bid 17392
confirm
debian DSA-1045
mandriva MDKSA-2006:069
misc http://www.osreviews.net/reviews/security/openvpn-print
osvdb 24444
secunia
  • 19531
  • 19598
  • 19837
  • 19897
suse SUSE-SR:2006:009
vupen ADV-2006-1261
xf openvpn-ldpreload-code-execution(25667)
Last major update 12-05-2020 - 14:21
Published 06-04-2006 - 22:04
Last modified 12-05-2020 - 14:21
Back to Top