Bugzilla – Bug 1085803
VUL-1: CVE-2018-7544: openvpn: Cross-protocol scripting issue was discovered in the management interface
Last modified: 2023-02-20 10:43:06 UTC
CVE-2018-7544
A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a "signal SIGTERM" command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7544
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7544.html
http://www.cvedetails.com/cve/CVE-2018-7544/
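An added example, not part of the bug report or of OpenVPN's code: a small auditor for the configuration the CVE text describes, flagging `management` directives that open a TCP listener without a password file. The sample configs and file paths are constructed, the function name is hypothetical, and the comment handling is a simplification of OpenVPN's own config parser.

```python
import shlex

# Constructed sample configs (not taken from the bug report).
WEAK = "client\ndev tun\nmanagement 127.0.0.1 23000\n"
HARDENED = (
    "# password file required before any command is accepted\n"
    "management 127.0.0.1 23000 /etc/openvpn/mgmt.pw\n"
)
UNIX_SOCKET = "management /run/openvpn/mgmt.sock unix\n"


def audit_management(config_text):
    """Classify every 'management' directive in an OpenVPN config.

    Returns (line_number, verdict, detail) tuples. Verdicts:
      'exposed'  - TCP listener with no password file (the CVE's precondition)
      'password' - TCP listener with a password file
      'unix'     - unix domain socket, not a TCP listener
    """
    findings = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        if raw.lstrip().startswith(";"):
            continue  # ';' comment line
        try:
            tokens = shlex.split(raw, comments=True)  # drops '#' comments
        except ValueError:
            continue  # unbalanced quotes; leave to OpenVPN's own parser
        if len(tokens) < 3 or tokens[0].lstrip("-") != "management":
            continue
        target, port_or_mode = tokens[1], tokens[2]
        pw_file = tokens[3] if len(tokens) > 3 else None
        if port_or_mode == "unix":
            findings.append((number, "unix", target))
        elif pw_file is None:
            findings.append((number, "exposed", f"{target}:{port_or_mode}"))
        else:
            findings.append((number, "password", f"{target}:{port_or_mode}"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED), ("unix", UNIX_SOCKET)):
        print(name, audit_management(cfg))
```

A loopback bind address does not change the 'exposed' verdict, because the demonstrated request goes to http://localhost:23000 from a browser on the same host.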
This has been disputed upstream and will be addressed with a documentation change and runtime warning. We should probably port these changes over, once available. Nothing too serious, though.
SUSE-SU-2021:1576-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1085803,1185279
CVE References: CVE-2018-7544,CVE-2020-15078
JIRA References:
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src): openvpn-2.3.8-16.26.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1577-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1085803,1169925,1185279
CVE References: CVE-2018-7544,CVE-2020-11810,CVE-2020-15078
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): openvpn-2.4.3-5.7.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): openvpn-2.4.3-5.7.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14723-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1085803,1185279
CVE References: CVE-2018-7544,CVE-2020-15078
JIRA References:
Sources used:
SUSE Linux Enterprise Server 11-SECURITY (src): openvpn-openssl1-2.3.2-0.10.9.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:0734-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1085803,1169925,1185279
CVE References: CVE-2018-7544,CVE-2020-11810,CVE-2020-15078
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): openvpn-2.4.3-lp152.6.3.1
Still missing for SUSE:SLE-11-SP1:Update and SUSE:SLE-11-SP3:Update
Oops, closed by mistake... Assigning to security team as it is a security bug.
BTW, is this patch relevant for SLE-11-SP1?
$ osc -A int maintained openvpn
SUSE:SLE-10-SP3:Update:Test/openvpn
SUSE:SLE-11-SP1:Update/openvpn <-------
SUSE:SLE-11-SP3:Update/openvpn using sources from SUSE:Maintenance:27789/openvpn.SUSE_SLE-11-SP3_Update
SUSE:SLE-11:Update/openvpn
SUSE:SLE-12:Update/openvpn
SUSE:SLE-15-SP4:Update/openvpn
SUSE:SLE-15:Update/openvpn