Oops 2 Posted ...
AirVPN OSX client is using an OpenVPN binary version 2.3.8; according to the changelog, it has several vulnerabilities that have been corrected in newer versions: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23. Replacing the binary inside the App for the OpenVPN 2.3.10 Binary (Brew version) works fine, so probably it would be easy to update the client. Thanks!
zhang888 1066 Posted ...
Planned in Eddie 2.11 (will feature OpenVPN 2.3.11). Which vulnerabilities are you talking about? There were no critical vulnerabilities in OpenVPN since 2014: https://www.cvedetails.com/vulnerability-list/vendor_id-3278/Openvpn.html

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.
Keksjdjdke 35 Posted ...
How do I 'Replacing the binary inside the App for the OpenVPN 2.3.10 Binary (Brew version) works fine, so probably it would be easy to update the client.' I tried to compile it from the source code but cannot seem to get it to work. Can you explain how you get the binary / compile it?
Oops 2 Posted ...
Sorry for my explanation. I'm not talking about critical public vulnerabilities; I'm talking about the vulnerabilities fixed in the changelog, and they include some memory leaks, buffer overflows, and a possible heap overflow, among others. They are not public, but it doesn't mean they can't be exploited. Just replacing the binary will work just fine until Eddie 2.11. Great work!

> Planned in Eddie 2.11 (will feature OpenVPN 2.3.11). Which vulnerabilities are you talking about? There were no critical vulnerabilities in OpenVPN since 2014: https://www.cvedetails.com/vulnerability-list/vendor_id-3278/Openvpn.html
zhang888 1066 Posted ...
This is the only potential user supplied buffer overflow that was fixed: https://github.com/OpenVPN/openvpn/commit/b15d511aa6ca75c643a46b703b5536016a77d395

This requires parsing very long usernames/passwords by the pam-auth plugin. The client is not vulnerable to it in any case, and there is no possibility to exploit it remotely. The changes from 2.3.8 to 2.3.11 are very minor, and are mainly documentation, logging and compilation related.
Oops 2 Posted ...
> How do I 'Replacing the binary inside the App for the OpenVPN 2.3.10 Binary (Brew version) works fine, so probably it would be easy to update the client.' I tried to compile it from the source code but cannot seem to get it to work. Can you explain how you get the binary / compile it?

1. Install brew (www.brew.sh)
2. brew install openvpn (installs pre-compiled openvpn from brew, easy way.)
3. mv Applications/AirVPN.app/Contents/MacOS/openvpn Applications/AirVPN.app/Contents/MacOS/openvpn.backup (Rename the AirVPN openvpn binary, just in case)
4. cp /usr/local/opt/openvpn/sbin/openvpn Applications/AirVPN.app/Contents/MacOS/ (Copy the updated one)

> This is the only potential user supplied buffer overflow that was fixed: https://github.com/OpenVPN/openvpn/commit/b15d511aa6ca75c643a46b703b5536016a77d395
> This requires parsing very long usernames/passwords by the pam-auth plugin. The client is not vulnerable to it in any case, and there is no possibility to exploit it remotely. The changes from 2.3.8 to 2.3.11 are very minor, and are mainly documentation, logging and compilation related.

Well, don't get me wrong, I'm not saying the client could be remotely exploitable or any criticism to the AirVPN security. I'm more than happy with it, just saying it would be an "easy update" for the client until Eddie is released with the latest version. Thanks!
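A guarded form of the four-step swap in the post above, as an added example that is not part of the original thread or of AirVPN's code: it refuses a downgrade, keeps a backup, and restores it if the copied binary cannot be verified. The function names are hypothetical, both paths are passed as arguments, and it assumes the first line of `openvpn --version` begins with `OpenVPN <version>`.

```shell
#!/bin/sh
# Added example (not from the thread): guarded replacement of a bundled
# OpenVPN binary. Function names are hypothetical; paths are arguments.

# Print X.Y.Z from the first line of `<binary> --version`.
# Assumes that line starts "OpenVPN <version>"; exit status is not relied on.
ovpn_version() {
    "$1" --version 2>/dev/null | awk 'NR==1 && $1=="OpenVPN" {print $2}'
}

# Succeed when dotted version $1 >= $2 (numeric compare, field by field,
# so 2.3.10 correctly ranks above 2.3.8).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }'
}

# swap_openvpn BUNDLED NEW
# Back up BUNDLED, copy NEW over it, verify the copy, roll back on failure.
swap_openvpn() {
    bundled=$1 new=$2
    old_v=$(ovpn_version "$bundled"); new_v=$(ovpn_version "$new")
    [ -n "$old_v" ] && [ -n "$new_v" ] || { echo "cannot read versions" >&2; return 2; }
    version_ge "$new_v" "$old_v" || { echo "refusing downgrade $old_v -> $new_v" >&2; return 3; }
    cp -p "$bundled" "$bundled.backup" || return 4
    if cp "$new" "$bundled" && chmod 755 "$bundled" && cmp -s "$new" "$bundled" \
        && [ "$(ovpn_version "$bundled")" = "$new_v" ]; then
        echo "$old_v -> $new_v"
    else
        mv -f "$bundled.backup" "$bundled"   # restore the original binary
        return 5
    fi
}
```

After sourcing the file, call it with the two paths from steps 3 and 4, for example `swap_openvpn Applications/AirVPN.app/Contents/MacOS/openvpn /usr/local/opt/openvpn/sbin/openvpn`.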
Keksjdjdke 35 Posted ...
> > How do I 'Replacing the binary inside the App for the OpenVPN 2.3.10 Binary (Brew version) works fine, so probably it would be easy to update the client.' I tried to compile it from the source code but cannot seem to get it to work. Can you explain how you get the binary / compile it?
>
> 1. Install brew (www.brew.sh)
> 2. brew install openvpn (installs pre-compiled openvpn from brew, easy way.)
> 3. mv Applications/AirVPN.app/Contents/MacOS/openvpn Applications/AirVPN.app/Contents/MacOS/openvpn.backup (Rename the AirVPN openvpn binary, just in case)
> 4. cp /usr/local/opt/openvpn/sbin/openvpn Applications/AirVPN.app/Contents/MacOS/ (Copy the updated one)
>
> > This is the only potential user supplied buffer overflow that was fixed: https://github.com/OpenVPN/openvpn/commit/b15d511aa6ca75c643a46b703b5536016a77d395
> > This requires parsing very long usernames/passwords by the pam-auth plugin. The client is not vulnerable to it in any case, and there is no possibility to exploit it remotely. The changes from 2.3.8 to 2.3.11 are very minor, and are mainly documentation, logging and compilation related.
>
> Well, don't get me wrong, I'm not saying the client could be remotely exploitable or any criticism to the AirVPN security. I'm more than happy with it, just saying it would be an "easy update" for the client until Eddie is released with the latest version. Thanks!

Thank you. This is very helpful.