Vulnerability CVE-2023-7235: Information
Description
The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables.
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
openvpn | sisyphus | 2.6.10-alt1 | 2.6.10-alt1 | ALT-PU-2024-4639-2 | 343751 | Fixed |
openvpn | sisyphus_e2k | 2.6.10-alt1 | 2.6.10-alt1 | ALT-PU-2024-4709-1 | - | Fixed |
openvpn | sisyphus_riscv64 | 2.6.10-alt1 | 2.6.10-alt1 | ALT-PU-2024-4770-1 | - | Fixed |
openvpn | sisyphus_loongarch64 | 2.6.10-alt1 | 2.6.10-alt1 | ALT-PU-2024-4721-1 | - | Fixed |
openvpn | p11 | 2.6.10-alt1 | 2.6.10-alt1 | ALT-PU-2024-4639-2 | 343751 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://community.openvpn.net/openvpn/wiki/CVE-2023-7235 |