Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>

$Id: ChangeLog 765 2005-11-03 01:21:44Z james $
$Id: ChangeLog 873 2006-01-03 09:45:59Z james $

2006.04.05 -- Version 2.0.6

* Security Vulnerability affecting OpenVPN 2.0 through 2.0.5.
An OpenVPN client connecting to a
malicious or compromised server could potentially receive
"setenv" configuration directives from the server which could
cause arbitrary code execution on the client via a LD_PRELOAD
attack. A successful attack appears to require that (a) the
client has agreed to allow the server to push configuration
directives to it by including "pull" or the macro "client" in
its configuration file, (b) the client configuration file uses
a scripting directive such as "up" or "down", (c) the client
successfully authenticates the server, (d) the server is
malicious or has been compromised and is under the control of
the attacker, and (e) the attacker has at least some level of
pre-existing control over files on the client (this might be
accomplished by having the server respond to a client web
request with a specially crafted file).
The fix is to disallow "setenv" to be pushed to clients from
the server. For those who need this capability, OpenVPN
2.1 supports a new "setenv-safe" directive which is free
of this vulnerability.
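
An added example, not part of the OpenVPN ChangeLog or the project's code: a Python check that audits a client configuration for preconditions (a) and (b) above and separates a pushed "setenv" from other pushed options, as the fix is described. The function names, the extra script directives (ipchange, route-up, tls-verify) and the sample inputs are assumptions made for illustration.

```python
# Added example: audit a client config for preconditions (a) and (b), and
# filter a pushed option list the way the 2.0.6 fix is described.
PULL_DIRECTIVES = {"pull", "client"}            # condition (a), from the entry
SCRIPT_DIRECTIVES = {"up", "down",              # condition (b), from the entry
                     "ipchange", "route-up", "tls-verify"}  # assumption: other script hooks


def directives(config_text):
    """Yield the directive name of each non-comment config line."""
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":         # blank line or comment
            continue
        yield line.split()[0].lstrip("-")       # accept "up" and "--up"


def audit_client_config(config_text):
    """Report whether a client config meets preconditions (a) and (b)."""
    seen = set(directives(config_text))
    pulls = sorted(seen & PULL_DIRECTIVES)
    scripts = sorted(seen & SCRIPT_DIRECTIVES)
    return {"pull": pulls, "scripts": scripts, "exposed": bool(pulls and scripts)}


def filter_pushed(options):
    """Split pushed options into (accepted, rejected); reject only 'setenv'."""
    accepted, rejected = [], []
    for opt in options:
        fields = opt.split()
        name = fields[0] if fields else ""
        # Exact match on the directive name, so "setenv-safe" is still accepted.
        (rejected if name == "setenv" else accepted).append(opt)
    return accepted, rejected


# Constructed sample inputs (not taken from a real deployment).
SAMPLE_CONFIG = """\
client
dev tun
remote vpn.example.net 1194
# down /etc/openvpn/old-down.sh
up /etc/openvpn/update-dns.sh
"""
SAMPLE_PUSH = ["route 10.8.0.0 255.255.255.0",
               "setenv LD_PRELOAD /constructed/preload.so",
               "setenv-safe SITE branch1"]

if __name__ == "__main__":
    print(audit_client_config(SAMPLE_CONFIG))
    print(filter_pushed(SAMPLE_PUSH))
```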

* When deleting routes under Linux, use the route metric
as a differentiator to ensure that the route teardown
process only deletes the identical route which was originally
added via the "route" directive (Roy Marples).

* Fix the t_cltsrv.sh file in FreeBSD 4 jails
(Matthias Andree, Dirk Meyer, Vasil Dimov).

* Extended tun device configure code to support ethernet
bridging on NetBSD (Emmanuel Kasper).

2006.01.03 -- Version 2.0.6-rc1

* Fixed bug where "make check" inside a FreeBSD "jail"
would never complete (Matthias Andree).
* Fixed bug where --server directive in --dev tap mode
claimed that it would support subnets of /30 or less
but actually would only accept /29 or less.
* Extend byte counters to 64 bits (M. van Cuijk).
* Fixed bug in acinclude.m4 where capability of compiler
to handle zero-length arrays in structs is tested
* Fixed typo in manage.c where inline function declaration
was declared without the "static" keyword (David Stipp).
* Removed redundant base64 code.
* Better sanity checking of --server and --server-bridge
IP pool ranges, so as not to hit the assertion at
* Fixed bug where --daemon and --management-query-passwords
used together would cause OpenVPN to block prior to
* Fixed client/server race condition which could occur
when --auth-retry interact is set and the initially
provided auth-user-pass credentials are incorrect,
forcing a username/password re-query.
* Fixed bug where if --daemon and --management-hold are
used together, --user or --group options would be ignored.

2005.11.02 -- Version 2.0.5
* Fixed bug in Linux get_default_gateway function