From 4f79d3ec453e8bc2621a847121b0086e0e86b165 Mon Sep 17 00:00:00 2001
From: James Yonan <james@openvpn.net>
Date: Sun, 15 Aug 2010 21:53:00 +0000
Subject: Windows security issue: Fixed potential local privilege escalation
 vulnerability in Windows service. The Windows service did not properly quote
 the executable filename passed to CreateService.  A local attacker with write
 access to the root directory C:\ could create an executable that would be run
 with the same privilege level as the OpenVPN Windows service.  However, since
 non-Administrative users normally lack write permission on C:\, this
 vulnerability is generally not exploitable except on older versions of
 Windows (such as Win2K) where the default permissions on C:\ would allow any
 user to create files there. Credit:  Scott Laurie, MWR InfoSecurity

Version 2.1.2


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6400 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 install-win32/settings.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'install-win32')

diff --git a/install-win32/settings.in b/install-win32/settings.in
index edebd44..21ea0a7 100644
--- a/install-win32/settings.in
+++ b/install-win32/settings.in
@@ -22,7 +22,7 @@
 ;!define OPENVPN_XGUI_DIR "../ovpnxml"
 
 # Prebuilt libraries.  DMALLOC is optional.
-!define OPENSSL_DIR	  "../openssl-0.9.8l"
+!define OPENSSL_DIR	  "../openssl.mingw/openssl-0.9.8o"
 !define LZO_DIR		  "../lzo-2.02"
 !define PKCS11_HELPER_DIR "../pkcs11-helper"
 ;!define DMALLOC_DIR	  "../dmalloc-5.4.2"
-- 
cgit v1.2.3