CVE-2008-3459

Name of the Vulnerable Software and Affected Versions OpenVPN versions 2.1-beta14 through 2.1-rc8

Description The issue allows remote servers to execute arbitrary commands via crafted configuration directives, specifically lladdr and iproute, likely due to shell metacharacters. This problem occurs when OpenVPN is running on non-Windows systems.

Recommendations For OpenVPN versions 2.1-beta14 through 2.1-rc8, consider restricting access to the lladdr and iproute configuration directives to minimize the risk of exploitation. As a temporary workaround, avoid using these directives until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.