Home > Cyber News > CVE-2017-7521, OpenVPN Remote Code Execution Bug Patched
CYBER NEWS

CVE-2017-7521, OpenVPN Remote Code Execution Bug Patched

Are you a user of OpenVPN? The software patched four vulnerabilities just this week. One of the flaws is quite severe – a remote code execution bug that could allow an authenticated attacker to run code on a compromised box. The vulnerability is identified as CVE-2017-7521.

Related Story: CVE-2016-8939, the TSM Vulnerability IBM Neglected for 2 Years

CVE-2017-7521 Technical Details

The flaw affects OpenVPN server side, and as explained by Guido Vranken, the flaw can cause “Remote server crashes/double-free/memory leaks in certificate processing”. In addition:

CVE-2017-7521 can drain the server of available memory, which may lead to a ‘double-free,’ which is a way to corrupt the server’s memory. In short, the worst-case scenario is that the user can execute their code on the server. This is the worst vulnerability. They authenticate and then send crafted data, after which the server crashes. I’d say this a worrisome issue for (commercial) VPN providers, so they definitely need to update as soon as possible.

The Other Flaws (CVE-2017-7520, CVE-2017-7522, CVE-2017-7508)

The patches for all four flaws, CVE-2017-7521 inclusive, were issued after they were disclosed privately by Vranken who used a fuzzer to find the bugs.

Were the flaws exploited in public attacks? The researcher says he doesn’t know. “This is difficult for me to say. But I’d say that if I can do this in a couple of weeks of spare time out of sheer curiosity, heavily funded organizations with political objectives can do it too,” he explained.

Three of the flaws the researcher came across were server-side causing servers to crash. The client-side flaw enables hackers to steal passwords to obtain access to the proxy. The server-side flaws require the hacker to be authenticated.

All the server issues require that the user is authenticated. This requires that the system administrator signs the certificate of a malicious user. For individual users who run their private server this is unlikely to occur, but it is bad for VPN services that have automated this process for a large group of (untrusted) users.

You can view the full report here.

Related Story: CVE-2017-1000367, Severe Root Vulnerability in Linux Sudo

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree