git.ipfire.org Git - thirdparty/openvpn.git/commit
Prevent two kinds of stack buffer OOB reads and a crash for invalid input data
author: Guido Vranken <guidovranken@gmail.com>
Fri, 19 May 2017 12:04:25 +0000 (14:04 +0200)
committer: Gert Doering <gert@greenie.muc.de>
Mon, 19 Jun 2017 18:49:30 +0000 (20:49 +0200)
commit: f38a4a105979b87ebebe9be1c3d323116d3fb924
tree: 8bf61eee266b7b9080473778448f13e047a7fe17
parent: 1dde0cd6e5e6a0f2f45ec9969b7ff1b6537514ad

Pre-authentication remote crash/information disclosure for clients

If clients use a HTTP proxy with NTLM authentication (i.e.
"--http-proxy <server> <port> [<authfile>|'auto'|'auto-nct'] ntlm2"),
a man-in-the-middle attacker between the client and the proxy can
cause the client to crash or disclose at most 96 bytes of stack
memory. The disclosed stack memory is likely to contain the proxy
password.

If the proxy password is not reused, this is unlikely to compromise
the security of the OpenVPN tunnel itself.  Clients who do not use
the --http-proxy option with ntlm2 authentication are not affected.

CVE: 2017-7520
Signed-off-by: Guido Vranken <guidovranken@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <CAO5O-EJvHKid-zTj+hmFG_3Gv78ixqCayE9=C62DZaxN32WNtQ@mail.gmail.com>
URL: https://www.mail-archive.com/search?l=mid&q=CAO5O-EJvHKid-zTj+hmFG_3Gv78ixqCayE9=C62DZaxN32WNtQ@mail.gmail.com
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 7718c8984f04b507c1885f363970e2124e3c6c77)
src/openvpn/ntlm.c