Skip to content
  • kali's avatar
    [bug] avoid installing in custom paths · e694a038
    kali authored and Kali Kaneko's avatar Kali Kaneko committed
    A vulnerability in QtIFW produces improper ACLs to be set when
    installing in custom locations. This can lead to privilege escalation if
    a non-privileged user overwrites the openvpn binary. Thanks to
    researchers at Tenable for finding and reporting this!
    
    Impact is considered low-medium, since an installation outside of the
    suggested path is needed to trigger the issue.
    
    Privileged execution of openvpn should be abandoned in next release, in
    favor of the interactive service.
    
    A bug upstream should be filed since other projects could be affected by
    this vulnerability too.
    
    -Resolves: #569
    e694a038
To find the state of this project's repository at the time of any of these versions, check out the tags.