summaryrefslogtreecommitdiffstats
path: root/install-win32
diff options
context:
space:
mode:
authorJames Yonan <james@openvpn.net>2010-08-15 21:53:00 +0000
committerJames Yonan <james@openvpn.net>2010-08-15 21:53:00 +0000
commit4f79d3ec453e8bc2621a847121b0086e0e86b165 (patch)
tree7af6d8d74b22053e1a818cde5bca72983ddb3d76 /install-win32
parent379b549c81a8085c8134d46e55c6fbbd0884a404 (diff)
downloadopenvpn-4f79d3ec453e8bc2621a847121b0086e0e86b165.tar.gz
openvpn-4f79d3ec453e8bc2621a847121b0086e0e86b165.tar.xz
openvpn-4f79d3ec453e8bc2621a847121b0086e0e86b165.zip
Windows security issue:v2.1.2
Fixed potential local privilege escalation vulnerability in Windows service. The Windows service did not properly quote the executable filename passed to CreateService. A local attacker with write access to the root directory C:\ could create an executable that would be run with the same privilege level as the OpenVPN Windows service. However, since non-Administrative users normally lack write permission on C:\, this vulnerability is generally not exploitable except on older versions of Windows (such as Win2K) where the default permissions on C:\ would allow any user to create files there. Credit: Scott Laurie, MWR InfoSecurity Version 2.1.2 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6400 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'install-win32')
-rw-r--r--install-win32/settings.in2
1 files changed, 1 insertions, 1 deletions
diff --git a/install-win32/settings.in b/install-win32/settings.in
index edebd44..21ea0a7 100644
--- a/install-win32/settings.in
+++ b/install-win32/settings.in
@@ -22,7 +22,7 @@
;!define OPENVPN_XGUI_DIR "../ovpnxml"
# Prebuilt libraries. DMALLOC is optional.
-!define OPENSSL_DIR "../openssl-0.9.8l"
+!define OPENSSL_DIR "../openssl.mingw/openssl-0.9.8o"
!define LZO_DIR "../lzo-2.02"
!define PKCS11_HELPER_DIR "../pkcs11-helper"
;!define DMALLOC_DIR "../dmalloc-5.4.2"