Changes between Initial Version and Version 1 of TapWindows6BufferOverflowVulnerability


Ignore:
Timestamp:
05/05/16 07:17:51 (7 years ago)
Author:
Samuli Seppänen
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TapWindows6BufferOverflowVulnerability

    v1 v1  
     1There was a buffer overflow vulnerability in tap-windows6 version 9.21.1, in adapter.c, where the code was failing to check the size of a registry string read by !NdisReadConfiguration before copying it to a fixed length buffer. The vulnerability could potentially allow arbitrary code execution in the kernel context of a signed driver, however it requires local Admin privileges to exploit. Further details are available in the [https://github.com/Rootkitsmm/OpenVpn-Pool-Overflow/blob/master/README.md reporter's GitHub repository].
     2
     3This problem has been fixed in tap-windows6 version 9.21.2, which is bundled with openvpn-install-2.3.10-I604 and later. The I00x installers do not have this vulnerability, because they bundle the old NDIS 5-based tap-windows driver. The source code for the fix is [https://github.com/mattock/tap-windows6/commit/6b05a00fb85903f0d26cb3a21bb70b1f814003d5 available] on !GitHub.
     4