tag name | v2.2-beta2 (113ba508ba6f7ef80399b328307fc43f3d7655b5) |
tag date | 2010-08-16 20:47:53 +0200 |
tagged by | David Sommerseth <dazo@users.sourceforge.net> |
tagged object | commit 39cd93760b... |
download | openvpn-2.2-beta2.tar.xz |
---|
2010.08.16 -- Version 2.2-beta2
* Windows security issue:
Fixed potential local privilege escalation vulnerability in
Windows service. The Windows service did not properly quote the
executable filename passed to CreateService. A local attacker
with write access to the root directory C:\ could create an
executable that would be run with the same privilege level as
the OpenVPN Windows service. However, since non-Administrative
users normally lack write permission on C:\, this vulnerability
is generally not exploitable except on older versions of Windows
(such as Win2K) where the default permissions on C:\ would allow
any user to create files there.
Credit: Scott Laurie, MWR InfoSecurity
* Added Python-based based alternative build system for Windows using
Visual Studio 2008 (in win directory).
* Fixed compiler warning in ssl.c when compiling with --enable-strict
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEABECAAYFAkxph+kACgkQDC186MBRfroKSQCdE7+9R8JHVuafiPZuLFUEnGL+
Q7UAnj0qGBXP8D8JXCvC0W/TBVlG7mOo
=NezD
-----END PGP SIGNATURE-----