git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Lev Stipakov <lstipakov@gmail.com>
	Tue, 19 Mar 2024 15:16:07 +0000 (17:16 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Tue, 19 Mar 2024 17:29:21 +0000 (18:29 +0100)
commit	2c1de0f0803360c0a6408f754066bd3a6fb28237
tree	a33f8d936c5d5d2f079a976db05359af4d66d846	tree \| snapshot
parent	36ff5cdb45183c13b0cb084b288b237ad55345cd	commit \| diff

interactive.c: disable remote access to the service pipe

Remote access to the service pipe is not needed and might
be a potential attack vector.

For example, if an attacker manages to get credentials for
a user which is the member of "OpenVPN Administrators" group
on a victim machine, an attacker might be able to communicate
with the privileged interactive service on a victim machine
and start openvpn processes remotely.

CVE: 2024-24974

Microsoft case number: 85925

Reported-by: Vladimir Tokarev <vtokarev@microsoft.com>
Change-Id: I8739c5f127e9ca0683fcdbd099dba9896ae46277
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Heiko Hund <heiko@openvpn.net>
Message-Id: <20240319151723.936-2-lev@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28419.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>