Changes between Version 1 and Version 2 of UnquotedServicePathIn24WindowsInstallers
- Timestamp:
- 07/25/17 15:04:29 (4 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
UnquotedServicePathIn24WindowsInstallers
v1 v2 1 1 = Introduction = 2 2 3 Commit [https://github.com/OpenVPN/openvpn-build/commit/8795ccfd251b8252122dec43e6327a74856d17db 8795ccfd25] to openvpn-build made the NSIS installer manage services using SimpleSC NSIS plugin. The new service management commands did not properly quote service paths which created a subtle vulnerability.3 Commit [https://github.com/OpenVPN/openvpn-build/commit/8795ccfd251b8252122dec43e6327a74856d17db 8795ccfd25] to openvpn-build made the NSIS installer manage services using SimpleSC NSIS plugin. The new service management commands did not properly quote service paths which created a subtle medium-level vulnerability. The vulnarability can be exploited if two conditions are met: 4 4 5 The vulnerability can be easily exploited, but only on systems where the C:\ drive is writeable by limited user(s). Users of such systems are urged to upgrade to openvpn-install-2.4.3-I602 or later as soon as possible. 5 * The C:\ drive is writeable by limited user(s) 6 * OpenVPN was installed using official '''OpenVPN 2.4''' Windows installers 7 8 Users of such systems are urged to upgrade to openvpn-install-2.4.3-I602 or later as soon as possible. 6 9 7 10 Thanks to Jason Haar for finding and reporting this issue! The original Nessus report is available below.