[Bug 256621] Re: [CVE-2008-3459] OpenVPN vulnerability allows arbitrary command execution via crafted configuration
didier
did447 at gmail.com
Tue Nov 4 06:06:22 GMT 2008
Hi,
In my understanding it only removes abilities to set remotely the route *software* (/sbin/route , whatever).
Something that:
- I can't find a case why you may want to do such thing.
- Is an undocumented feature.
I haven't tested it but from quickly reading the code you still can
remotely change route after applying the patch.
Didier
--
[CVE-2008-3459] OpenVPN vulnerability allows arbitrary command execution via crafted configuration
https://bugs.launchpad.net/bugs/256621
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openvpn in ubuntu.
More information about the Ubuntu-server-bugs
mailing list