author | Lev Stipakov | 2024-03-19 17:16:07 +0200 |
---|---|---|
committer | Gert Doering | 2024-03-19 18:31:18 +0100 |
commit | e0775c042c7908a9b315da8092b436d03abea08a (patch) | |
tree | 61b422d8370c23446ab36c9562020ca009c5b38a | |
parent | 30bddb1a5426523ef1d61c8a5df2c613ba2a47d3 (diff) | |

interactive.c: disable remote access to the service pipe

Remote access to the service pipe is not needed and might
be a potential attack vector.

For example, if an attacker manages to get credentials for
a user which is the member of "OpenVPN Administrators" group
on a victim machine, an attacker might be able to communicate
with the privileged interactive service on a victim machine
and start openvpn processes remotely.

CVE: 2024-24974
Microsoft case number: 85925
Reported-by: Vladimir Tokarev <vtokarev@microsoft.com>
Change-Id: I8739c5f127e9ca0683fcdbd099dba9896ae46277
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Heiko Hund <heiko@openvpn.net>
Message-Id: <20240319151723.936-2-lev@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28419.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 2c1de0f0803360c0a6408f754066bd3a6fb28237)

-rw-r--r-- | src/openvpnserv/interactive.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index 3b120ae..5e3ff12 100644 --- a/src/openvpnserv/interactive.c +++ b/src/openvpnserv/interactive.c @@ -1994,7 +1994,7 @@ CreateClientPipeInstance(VOID) openvpn_sntprintf(pipe_name, _countof(pipe_name), TEXT("\\\\.\\pipe\\" PACKAGE "%s\\service"), service_instance); pipe = CreateNamedPipe(pipe_name, flags, - PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE, + PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_REJECT_REMOTE_CLIENTS, PIPE_UNLIMITED_INSTANCES, 1024, 1024, 0, NULL); if (pipe == INVALID_HANDLE_VALUE) { |
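
Review bot: The new PIPE_REJECT_REMOTE_CLIENTS bit in the third argument of CreateNamedPipe in CreateClientPipeInstance carries no comment, so a later cleanup of the mode flags could drop it without anyone noticing that it is the fix for the CVE named in the commit message; a one-line comment above the call stating that remote clients are rejected on purpose would protect it. The flag only refuses connections that arrive over the network: the last argument is still NULL, so who may open the pipe locally is decided elsewhere and is not visible in this hunk. It is also worth confirming that no other CreateNamedPipe call in the service is left without the flag.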