mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 03:52:28 +02:00
4f79d3ec45
Fixed potential local privilege escalation vulnerability in Windows service. The Windows service did not properly quote the executable filename passed to CreateService. A local attacker with write access to the root directory C:\ could create an executable that would be run with the same privilege level as the OpenVPN Windows service. However, since non-Administrative users normally lack write permission on C:\, this vulnerability is generally not exploitable except on older versions of Windows (such as Win2K) where the default permissions on C:\ would allow any user to create files there. Credit: Scott Laurie, MWR InfoSecurity Version 2.1.2 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6400 e7ae566f-a301-0410-adde-c780ea21d3b5
7 lines
203 B
Plaintext
7 lines
203 B
Plaintext
dnl define the OpenVPN version
|
|
define(PRODUCT_VERSION,[2.1.2])
|
|
dnl define the TAP version
|
|
define(PRODUCT_TAP_ID,[tap0901])
|
|
define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9])
|
|
define(PRODUCT_TAP_WIN32_MIN_MINOR,[1])
|