Jump to content
Not connected, Your IP: 3.142.200.247
Oops

AirVPN OSX (Update OpenVPN Version)

Recommended Posts

Planned in Eddie 2.11 (will feature OpenVPN 2.3.11).

Which vulnerabilities are you talking about? There were no critical vulnerabilities in OpenVPN since 2014:

https://www.cvedetails.com/vulnerability-list/vendor_id-3278/Openvpn.html


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

How do I 'Replacing the binary inside the App for the OpenVPN 2.3.10 Binary (Brew version) works fine, so probably it would be easy to update the client.' I tried to compile it from the source code but cannot seem to get to work. Can you explain how you get the binary/ compile it?

Share this post


Link to post

Sorry for my explanation, I'm not talking about critical public vulnerabilities, I'm talking about the vulnerabilities fixed on the changelog and they include some memory leaks, buffer overflows, and a possible heap overflow among others, they are not public but it doesn't mean they can't be exploited Just replacing the binary will work just fine until Eddie 2.11.

 

Great Work!

Planned in Eddie 2.11 (will feature OpenVPN 2.3.11).

Which vulnerabilities are you talking about? There were no critical vulnerabilities in OpenVPN since 2014:

https://www.cvedetails.com/vulnerability-list/vendor_id-3278/Openvpn.html

Share this post


Link to post

This is the only potential user supplied buffer overflow that was fixed:

https://github.com/OpenVPN/openvpn/commit/b15d511aa6ca75c643a46b703b5536016a77d395

 

This requires parsing very long usernames/passwords by the pam-auth plugin.

The client is not vulnerable to it in any case, and there is no possibility to exploit it remotely.

 

 

The changes from 2.3.8 to 2.3.11 are very minor, and are mainly documentation, logging and compilation related.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

How do I 'Replacing the binary inside the App for the OpenVPN 2.3.10 Binary (Brew version) works fine, so probably it would be easy to update the client.' I tried to compile it from the source code but cannot seem to get to work. Can you explain how you get the binary/ compile it?

1. Install brew (www.brew.sh)

2. brew install openvpn (installs pre-compiled openvpn from brew, easy way.)

3. mv Applications/AirVPN.app/Contents/MacOS/openvpn Applications/AirVPN.app/Contents/MacOS/openvpn.backup (Rename the AirVPN openvpn binary, just in case)

4. cp /usr/local/opt/openvpn/sbin/openvpn Applications/AirVPN.app/Contents/MacOS/ (Copy the updated one)

 

This is the only potential user supplied buffer overflow that was fixed:

https://github.com/OpenVPN/openvpn/commit/b15d511aa6ca75c643a46b703b5536016a77d395

 

This requires parsing very long usernames/passwords by the pam-auth plugin.

The client is not vulnerable to it in any case, and there is no possibility to exploit it remotely.

 

 

The changes from 2.3.8 to 2.3.11 are very minor, and are mainly documentation, logging and compilation related.

Well don't get me wrong, I'm not saying the client could be remotely exploitable or any criticism to the AirVPN security. I'm more than happy with it, just saying it would be an "easy update" for the client until Eddie is released with the latest version.

 

Thanks! 

Share this post


Link to post

 

How do I 'Replacing the binary inside the App for the OpenVPN 2.3.10 Binary (Brew version) works fine, so probably it would be easy to update the client.[/size]' I tried to compile it from the source code but cannot seem to get to work. Can you explain how you get the binary/ compile it?

1. Install brew (www.brew.sh)

2. brew install openvpn (installs pre-compiled openvpn from brew, easy way.)

3. mv Applications/AirVPN.app/Contents/MacOS/openvpn Applications/AirVPN.app/Contents/MacOS/openvpn.backup (Rename the AirVPN openvpn binary, just in case)

4. cp /usr/local/opt/openvpn/sbin/openvpn Applications/AirVPN.app/Contents/MacOS/ (Copy the updated one)

 

This is the only potential user supplied buffer overflow that was fixed:

https://github.com/OpenVPN/openvpn/commit/b15d511aa6ca75c643a46b703b5536016a77d395

 

This requires parsing very long usernames/passwords by the pam-auth plugin.

The client is not vulnerable to it in any case, and there is no possibility to exploit it remotely.

 

 

The changes from 2.3.8 to 2.3.11 are very minor, and are mainly documentation, logging and compilation related.

Well don't get me wrong, I'm not saying the client could be remotely exploitable or any criticism to the AirVPN security. I'm more than happy with it, just saying it would be an "easy update" for the client until Eddie is released with the latest version.

 

Thanks! 

Thank you. This is very helpful.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...