CVE-2021-3606: OpenVPN 2.5.2 and earlier versions (Windows only) may load an external OpenSSL configuration file

OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe).

This issue affects only OpenVPN 2.5.2 and prior releases only on Windows, as this related to how the OpenSSL library is built. This is not an issue in the OpenVPN code itself, but due to a feature available by default in the OpenSSL library. From OpenVPN 2.5.3, this feature is being disabled at compile-time of the OpenSSL library which results in no external OpenSSL configuration files being loaded from specific folders on the local system.

This issue was reported by Xavier Danest.

Last modified 17 months ago Last modified on 07/01/21 14:26:37