
CVE-2024-4877: Windows: A malicious process may spoof the interactive service and potentially impersonate a local user

interactive.c and OpenVPN-GUI for Windows:

If an attacker with SeImpersonatePrivilege manages to create a named pipe server with a name matching that used by the "Interactive Service", user interfaces such as OpenVPN-GUI connecting to it could allow the attacker to impersonate the user running the UI.

To address this, we harden the security of the pipe so that only processes running as SYSTEM (such as the interactive service) can create a pipe with the same name. Further, to protect against any such pipes created prior to startup of the service, clients of the service must match the PID of the pipe server with that of the service. This is implemented in OpenVPN-GUI for Windows.
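
The client-side PID check described above, as an added example in C; it is not the OpenVPN-GUI code. The function names are hypothetical and the service name is supplied by the caller. `GetNamedPipeServerProcessId` and `QueryServiceStatusEx` are the Win32 calls used, and that part compiles only on Windows.

```c
#include <stdbool.h>
/* Decision rule (hypothetical helper): accept the pipe only if both lookups
 * succeeded and the pipe server is the running service process. */
bool
server_pid_matches(bool have_pipe_pid, unsigned long pipe_pid,
                   bool svc_running, unsigned long svc_pid)
{
    if (!have_pipe_pid || !svc_running)
        return false;               /* fail closed on any lookup failure */
    if (pipe_pid == 0 || svc_pid == 0)
        return false;               /* 0 is never a valid service PID */
    return pipe_pid == svc_pid;
}

#ifdef _WIN32
#include <windows.h>

/* PID of a service, only if it is currently in the RUNNING state. */
static bool
running_service_pid(const wchar_t *svc_name, unsigned long *pid)
{
    bool ok = false;
    SERVICE_STATUS_PROCESS ssp;
    DWORD needed = 0;
    SC_HANDLE scm = OpenSCManagerW(NULL, NULL, SC_MANAGER_CONNECT);
    SC_HANDLE svc = scm ? OpenServiceW(scm, svc_name, SERVICE_QUERY_STATUS) : NULL;
    if (svc && QueryServiceStatusEx(svc, SC_STATUS_PROCESS_INFO, (LPBYTE)&ssp,
                                    sizeof(ssp), &needed)
        && ssp.dwCurrentState == SERVICE_RUNNING)
    {
        *pid = ssp.dwProcessId;
        ok = true;
    }
    if (svc) CloseServiceHandle(svc);
    if (scm) CloseServiceHandle(scm);
    return ok;
}

/* Call on the handle returned by CreateFile() before writing to the pipe. */
bool
pipe_is_served_by(HANDLE pipe, const wchar_t *svc_name)
{
    ULONG pipe_pid = 0;
    unsigned long svc_pid = 0;
    bool have_pipe_pid = GetNamedPipeServerProcessId(pipe, &pipe_pid) != 0;
    bool running = running_service_pid(svc_name, &svc_pid);
    return server_pid_matches(have_pipe_pid, pipe_pid, running, svc_pid);
}
#endif
```

A client would close the handle and refuse to proceed whenever `pipe_is_served_by` returns false, including when the service is not running.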


Last modified on 06/26/24 13:15:48