OpenVPN is one of the most popular pieces of VPN software. It regularly undergoes rigorous code review. But sometimes, a fuzzer is all that is necessary.
He goes on to explain that fuzzing uncovered most of his findings, and that fuzzing makes it possible to run an automated security audit on every release.
- Remote server crashes/double-free/memory leaks in certificate processing - CVE-2017-7521
- Remote (including MITM) client crash, data leak - CVE-2017-7520
- Remote (including MITM) client stack buffer corruption - No CVE
- Remote server crash (forced assertion failure) - CVE-2017-7508
- Crash mbed TLS/PolarSSL-based server - CVE-2017-7522
- Stack buffer overflow if long --tls-cipher is given - No CVE
All in all, his findings are fairly severe; although there is no remote code execution, memory leaks and DoS attacks make up the bulk of them.
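To make the "automated audit on every release" idea concrete, here is an added example that is not part of the original post and not OpenVPN's code: a small, bounds-checked parser for a colon-separated cipher list (the shape of value a --tls-cipher option takes) wrapped in a libFuzzer-style entry point. The parser, its limits and the function names are constructed for illustration; the point is that the length check rejects an over-long name before anything is copied into the fixed stack buffer, and that the harness lets a fuzzer exercise exactly that path with AddressSanitizer watching.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed limits for the illustration (hypothetical, not OpenVPN's). */
#define MAX_CIPHER_NAME 64
#define MAX_CIPHERS 8

struct cipher_list {
    size_t count;
    char names[MAX_CIPHERS][MAX_CIPHER_NAME];   /* fixed-size stack storage */
};

/* Parse "NAME:NAME:..." into out. Returns the number of names parsed, or -1
 * if the input breaks a limit (empty name, name too long, too many names).
 * The check happens before the memcpy, so a long option can never overrun
 * the fixed buffer. */
int parse_tls_cipher(const char *opt, size_t opt_len, struct cipher_list *out)
{
    size_t start = 0;
    out->count = 0;
    while (start <= opt_len) {
        size_t end = start;
        while (end < opt_len && opt[end] != ':')
            end++;
        size_t name_len = end - start;
        if (name_len == 0 || name_len >= MAX_CIPHER_NAME)
            return -1;                      /* reject instead of truncating silently */
        if (out->count >= MAX_CIPHERS)
            return -1;
        memcpy(out->names[out->count], opt + start, name_len);
        out->names[out->count][name_len] = '\0';
        out->count++;
        start = end + 1;
    }
    return (int)out->count;
}

/* libFuzzer entry point: the fuzzer calls this with mutated inputs. Build with
 * clang -fsanitize=fuzzer,address -DFUZZING so ASan reports any out-of-bounds
 * write the parser would make. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    struct cipher_list cl;
    parse_tls_cipher((const char *)data, size, &cl);
    return 0;
}

#ifndef FUZZING
/* Stand-alone run with a few constructed inputs; dropped when linking libFuzzer. */
int main(void)
{
    struct cipher_list cl;
    const char *ok = "AES-256-GCM:CHACHA20";
    char too_long[200];
    memset(too_long, 'A', sizeof too_long - 1);
    too_long[sizeof too_long - 1] = '\0';

    printf("valid list -> %d names\n", parse_tls_cipher(ok, strlen(ok), &cl));
    printf("199-byte name -> %d (rejected)\n",
           parse_tls_cipher(too_long, strlen(too_long), &cl));
    return 0;
}
#endif
```

Running the same harness under a fuzzer on each release is what turns this from a one-off check into the automated audit the post describes: any later change that weakens the length check shows up as an ASan report rather than as a CVE.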
The client stack buffer overflow only occurs if:
The stack buffer overflow only occurs if a long --tls-cipher option is given. His solution was:
For the technical details of his findings, including code, check the link below.
If you appreciate what he is doing, make sure to donate to him:
What do you think about this? Does it scare you insanely? I'd love to hear your opinion on this, and if you have had any experience with OpenVPN security!