CVE-2008-3459

EUVD-2008-3445
Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
openvpnopenvpn
2.1:beta-14
openvpnopenvpn
2.1:beta-15
openvpnopenvpn
2.1:beta-16
openvpnopenvpn
2.1:rc_1
openvpnopenvpn
2.1:rc_2
openvpnopenvpn
2.1:rc_3
openvpnopenvpn
2.1:rc_4
openvpnopenvpn
2.1:rc_5
openvpnopenvpn
2.1:rc_6
openvpnopenvpn
2.1:rc_7
openvpnopenvpn
2.1:rc_8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openvpn
bookworm
2.6.3-1+deb12u2
fixed
bookworm (security)
2.6.3-1+deb12u2
fixed
bullseye
2.5.1-3
fixed
etch
not-affected
sid
2.6.12-1
fixed
trixie
2.6.12-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openvpn
dapper
not-affected
feisty
not-affected
gutsy
not-affected
hardy
ignored
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
Common Weakness Enumeration
References
http://openvpn.net/index.php/documentation/change-log/changelog-21.html
http://www.securityfocus.com/bid/30532
http://www.securitytracker.com/id?1020626
http://www.vupen.com/english/advisories/2008/2316
https://exchange.xforce.ibmcloud.com/vulnerabilities/44209
http://openvpn.net/index.php/documentation/change-log/changelog-21.html
http://www.securityfocus.com/bid/30532
http://www.securitytracker.com/id?1020626
http://www.vupen.com/english/advisories/2008/2316
https://exchange.xforce.ibmcloud.com/vulnerabilities/44209