[OpenVPN-NL] OpenVPN-NL 2.4.6-nl2 released

Steffan Karger steffan.karger at fox-it.com
Fri Jun 1 14:57:20 CEST 2018 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

A new version of OpenVPN-NL (2.4.6-nl2) is available on the OpenVPN-NL
website [1].  This version is based on OpenVPN 2.4.6 [2], and mbed TLS
2.9.0 [3].

This release resolves several security issues:

1) CVE-2018-9336: fix potential double-free() in the Windows Interactive
Service

A local attacker could send malformed input data on the service pipe
towards the OpenVPN interactive service, which can result in a double
free() in the error handling code.  This usually only leads to a process
crash (DoS by an unprivileged local account) but it could lead to
memory corruption and potentially privilege escalation if happening
while multiple other threads are active at the same time.

This only affects users that run the interactive service on Windows.

2) Out-of-bounds read in the tap-windows driver

This allows a local attacker that is able to send invalid ICMPv6 packets
from the local machine to the local tap-windows adapter to crash the
local machine (BSOD).  The overread data is not leaked to the attacker
or peer.

3) Several bugfixes in mbed TLS

mbed TLS 2.8 fixed a number of denial-of-service bugs [4].  mbed TLS 2.9
fixed a number of parsing bugs, which have no or very limited impact on
OpenVPN-NL, because most of the affected components are disabled, and
the strict set of allowed ciphers prevents selecting an insecure cipher.
Furthermore, the usage of tls-auth or tls-crypt prevents an attacker
without the tls-auth/tls-crypt key from executing an attack.


This release uses a new (Extended Validation) Windows Code signing
certificate for the tap-windows driver files.  The sha1 fingerprint of
this new certificate is:
27:FA:AB:56:C8:F3:52:FD:E8:2F:4E:E7:B0:81:52:4B:DD:94:28:91

The preexisting certificate is still used for non-kernel mode signing,
such as the installers and openvpn(serv).exe binaries.

References
- ----------
[1] https://openvpn.fox-it.com/
[2] https://github.com/OpenVPN/openvpn/blob/v2.4.6/Changes.rst
[3]
https://tls.mbed.org/tech-updates/releases/mbedtls-2.9.0-2.7.3-and-2.1.1
2-released
[4]
https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.1
1-released
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJbEUKsAAoJEEEwndWOY1w5dkwH/2b8uAaNG2/re0z2PN+QgTWc
7DhP17geYtrcOs16b/KvhnqSGx8GqaC/1Zyj6TYoLEU4sYATuzZGUmTEt/gji+0w
WlXc9lz8YIdaD37gyGtyR5Ka5hREL6WLARX6jwCos4B6ziYcncumxkH4yHeSD/pI
PdDZKJdVGYrpiDNUcg9LUyIbshOGv36RJ966uFVbSHpLekHdEXwCF+giae3Bxisa
QQJREEQzYPqKRWyxggUg9kPU0ofPyT6+BAGtOVqW2uW/HX1J2AdyygC1abPWbFUA
66ZqtcXiYxNw0ykx9ZeoKvi7Y7l1Kkkt6r8XigYII8ztmCze/lHBhNYD0cc7sV0=
=i4Tf
-----END PGP SIGNATURE-----

More information about the list-openvpn-nl mailing list