Описание
The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permissions of that destination directory.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| openvpn3-client | fixed | 24.1+dfsg-1 | package |
Примечания
https://community.openvpn.net/Security%20Announcements/CVE-2025-3908
Связанные уязвимости
The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permissions of that destination directory.
The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permissions of that destination directory.
The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permissions of that destination directory.
Уязвимость программного обеспечения для сетевого шифрования OpenVPN 3 Linux, связанная с неверным определением символических ссылок перед доступом к файлу, позволяющая нарушителю повысить свои привилегии и изменить права доступа к целевому каталогу