Shellshock Affects OpenVPN

Wednesday, October 8, 2014 @ 08:10 AM gHale

The Shellshock Bash bug could be a problem for OpenVPN users, one researcher said.

Pre-authentication vectors affect communication through the popular VPN platform, said researcher Fredrick Stromberg.

VMware Releases Shellshock Updates
Bash Attack on NAS Systems
Shellshock Attacks Raging
Honeypot Finds Shellshock Attacks

Shellshock affected the crucial and ubiquitous *nix component Bash up to and including version 4.3.

Mullvad chief technology officer Stromberg described the flaw in a posting, adding he disclosed the vulnerability to OpenVPN sometime last week.

“OpenVPN servers are vulnerable to Shellshock under certain configurations,” Stromberg said.

“OpenVPN has a number of configuration options that can call custom commands during different stages of the tunnel session. Many of these commands are called with environmental variables set, some of which can be controlled by the client.

“One option used for username+password authentication is auth-user-pass-verify. If the called script uses a vulnerable shell, the client simply delivers the exploit and payload by setting the username. This attack vector is pre-auth.”

A proof of concept for the exploit has surfaced online.

Those using OpenVPN can dodge Shellshock by preventing Bash from running scripts.

Leave a Reply

You must be logged in to post a comment.