Launchpad CVE tracker

CVE 2008-3459

Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters.

Related bugs and status

CVE-2008-3459 (Candidate) is related to these bugs:

Bug #256621: [CVE-2008-3459] OpenVPN vulnerability allows arbitrary command execution via crafted configuration

		In	Importance	Status
256621	[CVE-2008-3459] OpenVPN vulnerability allows arbitrary command execution via crafted configuration	openvpn (Ubuntu)	Undecided	Fix Released
256621	[CVE-2008-3459] OpenVPN vulnerability allows arbitrary command execution via crafted configuration	openvpn (Debian)	Unknown	Fix Released
256621	[CVE-2008-3459] OpenVPN vulnerability allows arbitrary command execution via crafted configuration	openvpn (Ubuntu Hardy)	Low	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-3459

References