by Michael Mimoso September 30, 2014
OpenVPN wasn’t immune to the Heartbleed vulnerability in OpenSSL, and it’s not going to sidestep Shellshock either.
Fredrick Stromberg, cofounder of Mullvad, a Swedish VPN company, reported that OpenVPN servers are vulnerable to Shellshock, the vulnerability in Bash plaguing Linux, UNIX and Mac OS X systems.
Stromberg said the attack vector in OpenVPN is particularly dangerous because it’s pre-authentication, putting all communication through a supposedly secure tunnel at risk.
“OpenVPN has a number of configuration options that can call custom commands during different stages of the tunnel session. Many of these commands are called with environmental variables set, some of which can be controlled by the client,” Stromberg wrote in a post to Hacker News. “One option used for username+password authentication is ‘auth-user-pass-verify.’ If the called script uses a vulnerable shell, the client simply delivers the exploit and payload by setting the username.”
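As an added example (not from the article, Mullvad or the OpenVPN project), the POSIX sh audit below does two defender-side checks for the exposure described above: whether the local bash still executes a command appended to a function definition it imports from the environment (the Shellshock behaviour), and which script hooks in an OpenVPN server config point at scripts interpreted by bash. The hook directive names are OpenVPN's own; the config file and the two hook scripts are constructed samples written to a temporary directory.

```shell
#!/bin/sh
# Added example: audit for the OpenVPN + Shellshock exposure.
# Returns 0 if bash runs trailing code from an env-imported function,
# 1 if it only treats the variable as data, 2 if bash is not installed.
shellshock_check() {
    command -v bash >/dev/null 2>&1 || return 2
    # Harmless probe: the appended command only prints a marker.
    out=$(env probe='() { :;}; echo SHOCKED' bash -c 'echo ok' 2>/dev/null)
    case "$out" in
        *SHOCKED*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Prints "<directive> <script>" for each OpenVPN hook directive whose
# script starts with a bash shebang. Only the first word after the
# directive is taken as the script path (quotes are stripped).
bash_hooks() {
    cfg="$1"
    awk '$1 ~ /^(auth-user-pass-verify|client-connect|client-disconnect|up|down|tls-verify|learn-address|route-up|ipchange)$/ {
            gsub(/"/, "", $2); print $1, $2 }' "$cfg" |
    while read -r directive script; do
        [ -r "$script" ] || continue
        if head -n 1 "$script" |
           grep -Eq '^#![[:space:]]*(/usr)?/bin/(env[[:space:]]+)?bash'; then
            echo "$directive $script"
        fi
    done
}

# Constructed sample: one hook in bash (credentials arrive via env vars
# because of via-env) and one in Python. Echoes the config path.
make_sample() {
    dir=$(mktemp -d)
    printf '#!/bin/bash\n# reads $username / $password from env\nexit 0\n' > "$dir/auth.sh"
    printf '#!/usr/bin/env python3\nimport sys\nsys.exit(0)\n' > "$dir/connect.py"
    cat > "$dir/server.conf" <<EOF
port 1194
script-security 2
auth-user-pass-verify $dir/auth.sh via-env
client-connect $dir/connect.py
EOF
    echo "$dir/server.conf"
}

cfg=$(make_sample)
if shellshock_check; then echo "bash: vulnerable"; else echo "bash: not vulnerable or absent"; fi
echo "hooks interpreted by bash in $cfg:"
bash_hooks "$cfg"
```

Run it on a real server by replacing the constructed config path with the server's own; a bash-interpreted hook on an unpatched bash is the combination the article warns about.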