| ||Shellshocking OpenVPN servers|
86 points by kfreds on Sept 29, 2014 | hide | past | favorite | 6 comments |
|OpenVPN servers are vulnerable to Shellshock under certain configurations.|
OpenVPN has a number of configuration options that can call custom commands during different stages of the tunnel session. Many of these commands are called with environmental variables set, some of which can be controlled by the client. One option used for username+password authentication is "auth-user-pass-verify". If the called script uses a vulnerable shell, the client simply delivers the exploit and payload by setting the username. This attack vector is pre-auth.
When we discovered this last week we contacted firstname.lastname@example.org as well as many of our colleagues. Given how many users could potentially be affected we reasoned that maximum utility would be achieved by giving VPN providers a heads up before warning everyone. If you were affected but not informed I apologize.
Cheers, Fredrik Strömberg (email@example.com)
| Apply to YC