9

CVE-2006-1629

OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenvpnOpenvpn Version2.0
OpenvpnOpenvpn Version2.0.4
OpenvpnOpenvpn Access Server Version2.0.1
OpenvpnOpenvpn Access Server Version2.0.2
OpenvpnOpenvpn Access Server Version2.0.3
OpenvpnOpenvpn Access Server Version2.0.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.02% 0.857
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://openvpn.net/changelog.html
Patch
http://secunia.com/advisories/19897
http://www.novell.com/linux/security/advisories/2006_04_28.html
http://secunia.com/advisories/19531
Patch
Vendor Advisory
http://secunia.com/advisories/19598
http://secunia.com/advisories/19837
http://sourceforge.net/mailarchive/forum.php?thread_id=10093825&forum_id=8482
http://www.debian.org/security/2006/dsa-1045
http://www.mandriva.com/security/advisories?name=MDKSA-2006:069
http://www.osreviews.net/reviews/security/openvpn-print
http://www.osvdb.org/24444
http://www.securityfocus.com/bid/17392
Patch
http://www.vupen.com/english/advisories/2006/1261
https://exchange.xforce.ibmcloud.com/vulnerabilities/25667