lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 4 Nov 2005 15:46:45 -0500 (EST)
From: v9 <v9@...ehalo.us>
To: James Yonan <jim@...an.net>
Cc: info@...nvpn.net, bugtraq@...urityfocus.com
Subject: Re: OpenVPN[v2.0.x]: foreign_option() formart string vulnerability.


ah, that would be what i did when testing("client"), sorry for the
false/confusion with that... anyways, great software i use it for my vpn
needs...nicely documented and easy to use--thanks for its existence.

> Vade79,
>
> Thanks for your efforts in finding this!  I've just released OpenVPN 2.0.4
> with a fix.
>
> The patch is here:
>
> http://openvpn.net/patch/2.0.4-security-patches/foreign_option.patch
>
> While this patch fixes the format string vulnerability, you made another
> claim as well which I believe to be false:
>
> > however, when testing i did NOT have to have the "pull" option in my clients config
> > file to allow the "push"ed dhcp-option request as it states above.
>
> You didn't post your test configuration file, but I suspect that you were
> using "client" which is a macro that expands to "pull" and "tls-client".
>
> Take a look at this line in push.c:
>
> if (honor_received_options && buf_string_compare_advance (&buf, "PUSH_REPLY"))
>
> This conditional decides whether or not to process a received PUSH_REPLY
> message.  honor_received_options will be false unless "pull" or "client"
> is specified.
>
> James
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ