tag namev2.2-beta2 (113ba508ba6f7ef80399b328307fc43f3d7655b5)
tag date2010-08-16 20:47:53 +0200
tagged byDavid Sommerseth <dazo@users.sourceforge.net>
tagged objectcommit 39cd93760b...
2010.08.16 -- Version 2.2-beta2
* Windows security issue: Fixed potential local privilege escalation vulnerability in Windows service. The Windows service did not properly quote the executable filename passed to CreateService. A local attacker with write access to the root directory C:\ could create an executable that would be run with the same privilege level as the OpenVPN Windows service. However, since non-Administrative users normally lack write permission on C:\, this vulnerability is generally not exploitable except on older versions of Windows (such as Win2K) where the default permissions on C:\ would allow any user to create files there. Credit: Scott Laurie, MWR InfoSecurity * Added Python-based based alternative build system for Windows using Visual Studio 2008 (in win directory). * Fixed compiler warning in ssl.c when compiling with --enable-strict -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEABECAAYFAkxph+kACgkQDC186MBRfroKSQCdE7+9R8JHVuafiPZuLFUEnGL+ Q7UAnj0qGBXP8D8JXCvC0W/TBVlG7mOo =NezD -----END PGP SIGNATURE-----