Vulnerability CVE-2023-7235: Information

Description

The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables.

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-7235
Published: Feb. 21, 2024
Modified: Feb. 22, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
openvpnsisyphus2.6.10-alt12.6.10-alt1ALT-PU-2024-4639-2343751Fixed
openvpnsisyphus_e2k2.6.10-alt12.6.10-alt1ALT-PU-2024-4709-1-Fixed
openvpnsisyphus_riscv642.6.10-alt12.6.10-alt1ALT-PU-2024-4770-1-Fixed
openvpnsisyphus_loongarch642.6.10-alt12.6.10-alt1ALT-PU-2024-4721-1-Fixed
openvpnp112.6.10-alt12.6.10-alt1ALT-PU-2024-4639-2343751Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://community.openvpn.net/openvpn/wiki/CVE-2023-7235
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.3
    Back to top