Test ID:	1.3.6.1.4.1.25623.1.0.900024
Category:	General
Title:	OpenVPN Client RCE Vulnerability
Summary:	OpenVPN Client is prone to a remote code execution (RCE) vulnerability.
Description:	Summary: OpenVPN Client is prone to a remote code execution (RCE) vulnerability. Vulnerability Insight: Application fails to properly validate the specially crafted input passed to lladdr/iproute configuration directives. Vulnerability Impact: Remote attackers could execute arbitrary code on the Client. Successful exploitation requires, - the client to agree to allow the server to push configuration directives to it by including pull or the macro client in its configuration file. - the client successfully authenticates the server. - the server is malicious and has been compromised under the control of the attacker. Affected Software/OS: Non-Windows OpenVPN client OpenVPN 2.1-beta14 to OpenVPN 2.1-rc8 Solution: Upgrade to higher version of Non-Windows OpenVPN client OpenVPN 2.1-rc9. CVSS Score: 7.6 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3459 1020626 http://www.securitytracker.com/id?1020626 30532 http://www.securityfocus.com/bid/30532 ADV-2008-2316 http://www.vupen.com/english/advisories/2008/2316 http://openvpn.net/index.php/documentation/change-log/changelog-21.html openvpn-lladdr-iproute-code-execution(44209) https://exchange.xforce.ibmcloud.com/vulnerabilities/44209
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.