• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

OpenVPN Client Remote Format String Vulnerability

OpenVPN is reported prone to a remote format string vulnerability.

A malicious server can send specially crafted command options such as 'dhcp-option' including format specifiers to a client to trigger this vulnerability.

A remote attacker may leverage this issue to write to arbitrary process memory, facilitating code execution. This can result in unauthorized remote access.

This issue affects OpenVPN 2.0.x versions. OpenVPN running on Windows is not vulnerable to this issue.