PT-2005-1090 · Openvpn · Openvpn
Vade79 · Published 2005-11-01 · Updated 2024-06-15 · CVE-2005-3393
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
OpenVPN versions prior to 2.0.4
OpenVPN version 2.0.x
Description
The issue is a format string vulnerability in the foreign_option function in options.c. It allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option. Multiple vulnerabilities in the OpenVPN package may lead to breaches of confidentiality, integrity, and availability of protected information, and these vulnerabilities can be exploited remotely.
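The bug class described above, shown as an added example (this is not OpenVPN's source and not part of the original advisory): a peer-supplied option token passed as the format argument, next to the hardened form that passes it as data. buf_append, build_env_unsafe and build_env_safe are hypothetical names, and the tokens are constructed sample input.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style append helper (not OpenVPN's API).
 * Assumes cap >= 1 and dst is NUL-terminated. Returns 0 on success,
 * -1 on formatting error or truncation. */
static int buf_append(char *dst, size_t cap, const char *fmt, ...)
{
    size_t used = strlen(dst);
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst + used, cap - used, fmt, ap);
    va_end(ap);
    return (n < 0 || (size_t)n >= cap - used) ? -1 : 0;
}

/* Vulnerable pattern: each token is handed to the formatter as the format
 * string, so conversion specifiers inside a pushed value are interpreted.
 * Only safe to call with tokens that contain no '%'. */
int build_env_unsafe(char *dst, size_t cap, const char *const *tok, int n)
{
    dst[0] = '\0';
    for (int i = 0; i < n; i++) {
        if (i && buf_append(dst, cap, " ") != 0) return -1;
        if (buf_append(dst, cap, tok[i]) != 0) return -1; /* data used as format */
    }
    return 0;
}

/* Hardened pattern: the format is a literal and the token is only an argument,
 * so '%' sequences in the value are copied verbatim. */
int build_env_safe(char *dst, size_t cap, const char *const *tok, int n)
{
    dst[0] = '\0';
    for (int i = 0; i < n; i++)
        if (buf_append(dst, cap, "%s%s", i ? " " : "", tok[i]) != 0) return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample: a pushed option whose value carries specifiers. */
    const char *const tok[] = { "dhcp-option", "DNS", "%x%x%n" };
    char out[64];
    if (build_env_safe(out, sizeof out, tok, 3) == 0)
        printf("%s\n", out);
    return 0;
}
```

Declaring such a helper with the compiler's printf format attribute and building with -Wformat-security makes the unsafe call site produce a warning.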
Recommendations
For OpenVPN versions prior to 2.0.4, update to version 2.0.4 or later to resolve the issue.
For OpenVPN version 2.0.x, update to a version outside of the 2.0.x range to mitigate the risk.
As a temporary workaround, consider restricting access to the foreign_option function in options.c until a patch is available.
Avoid using format string specifiers in the dhcp-option command option until the issue is resolved.
Fix
Related identifiers
Affected products
Openvpn