Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw
From: "David F. Skoll" <devnull@xxxxxxxxxxxxxxxxxx>
Date: Wed, 03 May 2006 16:14:09 -0400
In-reply-to: <003a01c66ed4$c7143430$e7b68456@TRINITY>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: Roaring Penguin Software Inc.
References: <003a01c66ed4$c7143430$e7b68456@TRINITY>
User-agent: Thunderbird 1.5 (X11/20051201)

c0redump@xxxxxxxxxxxxx wrote:

> There is a flaw (well more a stupid design than anything else) in
> OpenVPN 2.0.7 (and below) in the the Remote Management Interface
> that allows an attacker to gain complete control because there is NO
> AUTHENTICATION (YES NO AUTHENTICATION AT ALL!).

One important mitigating factor: The management interface is not enabled
by default.  I agree that it's a really stupid design, though.

Regards,

David.
(Return address set to devnull to swallow silly Bugtraq
out-of-office messages.  Real address is dfs at ...)

References:
- OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw
  - From: c0redump

Prev by Date: [ MDKSA-2006:082 ] - Updated libtiff packages fix vulnerabilities
Next by Date: Re: Ejabberd : Symlink vulnerability during installation process
Previous by thread: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw
Next by thread: Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw
Index(es):
- Date
- Thread