Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD6129FDC7-6462-456D-A3EF-8FC3FBF44D16
HistoryOct 31, 2005 - 12:00 a.m.

openvpn -- arbitrary code execution on client through malicious or compromised server

2005-10-3100:00:00
vuxml.freebsd.org
17

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.024

Percentile

90.0%

JSON

James Yonan reports:

A format string vulnerability
in the foreign_option function in options.c could
potentially allow a malicious or compromised server
to execute arbitrary code on the client. Only
non-Windows clients are affected. The vulnerability
only exists if (a) the client’s TLS negotiation with
the server succeeds, (b) the server is malicious or
has been compromised such that it is configured to
push a maliciously crafted options string to the client,
and © the client indicates its willingness to accept
pushed options from the server by having “pull” or
“client” in its configuration file (Credit: Vade79).

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchopenvpn= 2.0UNKNOWN
FreeBSDanynoarchopenvpn< 2.0.4UNKNOWN

Related

cvelist 1
openvas 6
cve 1
debiancve 1
ubuntucve 1
nessus 5
nvd 1
debian 2
osv 2
gentoo 1
altlinux 1
cvelist
cvelist
CVE-2005-3393
2005-11-01 11:00:00
openvas
openvas
FreeBSD Ports: openvpn
2008-09-04 00:00:00
FreeBSD Ports: openvpn
2008-09-04 00:00:00
Debian Security Advisory DSA 885-1 (openvpn)
2008-01-17 00:00:00
cve
cve
CVE-2005-3393
2005-11-01 12:47:00
debiancve
debiancve
CVE-2005-3393
2005-11-01 12:47:00
ubuntucve
ubuntucve
CVE-2005-3393
2005-11-01 00:00:00
nessus
nessus
OpenVPN Server 2.0.x < 2.0.3 Remote Code Execution Vulnerability
2019-09-16 00:00:00
FreeBSD : openvpn -- arbitrary code execution on client through malicious or compromised server (6129fdc7-6462-456d-a3ef-8fc3fbf44d16)
2006-05-13 00:00:00
GLSA-200511-07 : OpenVPN: Multiple vulnerabilities
2005-11-07 00:00:00
nvd
nvd
CVE-2005-3393
2005-11-01 12:47:00
debian
debian
[SECURITY] [DSA 885-1] New OpenVPN packages fix several vulnerabilities
2005-11-07 09:57:19
[SECURITY] [DSA 885-1] New OpenVPN packages fix several vulnerabilities
2005-11-07 09:57:19
osv
osv
openvpn - several
2005-11-07 00:00:00
openvpn-2.5.3-1.2 on GA media
2024-06-15 00:00:00
gentoo
gentoo
OpenVPN: Multiple vulnerabilities
2005-11-06 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openvpn version 2.0.6-alt1
2006-04-06 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.024

Percentile

90.0%

JSON
Related for 6129FDC7-6462-456D-A3EF-8FC3FBF44D16
cvelist1openvas6cve1debiancve1ubuntucve1nessus5nvd1debian2osv2gentoo1altlinux1