Changes between Version 1 and Version 2 of UnquotedServicePathIn24WindowsInstallers


Ignore:
Timestamp:
07/25/17 15:04:29 (22 months ago)
Author:
Samuli Seppänen
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • UnquotedServicePathIn24WindowsInstallers

    v1 v2  
    11= Introduction =
    22
    3 Commit [https://github.com/OpenVPN/openvpn-build/commit/8795ccfd251b8252122dec43e6327a74856d17db 8795ccfd25] to openvpn-build made the NSIS installer manage services using SimpleSC NSIS plugin. The new service management commands did not properly quote service paths which created a subtle vulnerability.
     3Commit [https://github.com/OpenVPN/openvpn-build/commit/8795ccfd251b8252122dec43e6327a74856d17db 8795ccfd25] to openvpn-build made the NSIS installer manage services using SimpleSC NSIS plugin. The new service management commands did not properly quote service paths which created a subtle medium-level vulnerability. The vulnarability can be exploited if two conditions are met:
    44
    5 The vulnerability can be easily exploited, but only on systems where the C:\ drive is writeable by limited user(s). Users of such systems are urged to upgrade to openvpn-install-2.4.3-I602 or later as soon as possible.
     5* The C:\ drive is writeable by limited user(s)
     6* OpenVPN was installed using official '''OpenVPN 2.4''' Windows installers
     7
     8Users of such systems are urged to upgrade to openvpn-install-2.4.3-I602 or later as soon as possible.
    69
    710Thanks to Jason Haar for finding and reporting this issue! The original Nessus report is available below.