Vulnerability Description
OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.
CVSS Score
9.0
HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openvpn | Openvpn | 2.0 |
| Openvpn | Openvpn Access Server | 2.0.1 |
References
- http://openvpn.net/changelog.htmlPatch
- http://secunia.com/advisories/19531PatchVendor Advisory
- http://secunia.com/advisories/19598
- http://secunia.com/advisories/19837
- http://secunia.com/advisories/19897
- http://sourceforge.net/mailarchive/forum.php?thread_id=10093825&forum_id=8482
- http://www.debian.org/security/2006/dsa-1045
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:069
- http://www.novell.com/linux/security/advisories/2006_04_28.html
- http://www.osreviews.net/reviews/security/openvpn-print
- http://www.osvdb.org/24444
- http://www.securityfocus.com/bid/17392Patch
- http://www.vupen.com/english/advisories/2006/1261
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25667
- http://openvpn.net/changelog.htmlPatch
FAQ
What is CVE-2006-1629?
CVE-2006-1629 is a vulnerability with a CVSS score of 9.0 (HIGH). OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.
How severe is CVE-2006-1629?
CVE-2006-1629 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1629?
Check the references section above for vendor advisories and patch information. Affected products include: Openvpn Openvpn, Openvpn Openvpn Access Server.