From 4f79d3ec453e8bc2621a847121b0086e0e86b165 Mon Sep 17 00:00:00 2001 From: James Yonan Date: Sun, 15 Aug 2010 21:53:00 +0000 Subject: Windows security issue: Fixed potential local privilege escalation vulnerability in Windows service. The Windows service did not properly quote the executable filename passed to CreateService. A local attacker with write access to the root directory C:\ could create an executable that would be run with the same privilege level as the OpenVPN Windows service. However, since non-Administrative users normally lack write permission on C:\, this vulnerability is generally not exploitable except on older versions of Windows (such as Win2K) where the default permissions on C:\ would allow any user to create files there. Credit: Scott Laurie, MWR InfoSecurity Version 2.1.2 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6400 e7ae566f-a301-0410-adde-c780ea21d3b5 --- version.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'version.m4') diff --git a/version.m4 b/version.m4 index 4add313..06d526f 100644 --- a/version.m4 +++ b/version.m4 @@ -1,5 +1,5 @@ dnl define the OpenVPN version -define(PRODUCT_VERSION,[2.1.1o]) +define(PRODUCT_VERSION,[2.1.2]) dnl define the TAP version define(PRODUCT_TAP_ID,[tap0901]) define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9]) -- cgit