[CVE-2008-3459] OpenVPN vulnerability allows arbitrary command execution via crafted configuration
Bug #256621 reported by
Till Ulen
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openvpn (Debian) |
Fix Released
|
Unknown
|
|||
openvpn (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Hardy |
Won't Fix
|
Low
|
Unassigned |
Bug Description
Binary package hint: openvpn
CVE-2008-3459 description:
"Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) "lladdr" and (2) "iproute" configuration directives, probably related to shell metacharacters."
http://
More information:
http://
Ubuntu Hardy might be affected.
CVE References
Changed in openvpn: | |
status: | Unknown → Fix Released |
Changed in openvpn: | |
status: | New → Fix Released |
status: | New → Confirmed |
importance: | Undecided → Low |
To post a comment you must log in.
Adding CVE reference: CVE-2008-3459