Re: [Openvpn-devel] Inquiry About Potential Vulnerabilities in OpenVPN for Remote Code Execution (RCE)

2024-11-13 Thread Arne Schwabe
Am 13.11.24 um 12:40 schrieb נתי שטרן: Dear OpenVPN Development Team, I hope this message finds you well. I am currently conducting a security audit on OpenVPN, and during my research, I came across some potential vectors for Remote Code Execution (RCE) vulnerabilities. I would like to inquir

Re: [Openvpn-devel] Inquiry About Potential Vulnerabilities in OpenVPN for Remote Code Execution (RCE)

2024-11-13 Thread Gert Doering
Hi, On Wed, Nov 13, 2024 at 02:15:58PM +0200, ?? wrote: > I am finding rcevulnerabilities on ubuntu based openvpn please elaborate. gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out.

Re: [Openvpn-devel] Inquiry About Potential Vulnerabilities in OpenVPN for Remote Code Execution (RCE)

2024-11-13 Thread נתי שטרן
I am reaching out in the hopes of getting assistance with a potential zero-day Remote Code Execution (RCE) vulnerability that I am investigating on an Ubuntu-based OpenVPN system. I've conducted preliminary research and tested various common vectors, including configuration issues, script injectio

Re: [Openvpn-devel] Inquiry About Potential Vulnerabilities in OpenVPN for Remote Code Execution (RCE)

2024-11-13 Thread נתי שטרן
I am finding rcevulnerabilities on ubuntu based openvpn בתאריך יום ד׳, 13 בנוב׳ 2024, 13:52, מאת Arne Schwabe ‏: > Am 13.11.24 um 12:40 schrieb נתי שטרן: > > Dear OpenVPN Development Team, > > > > I hope this message finds you well. > > > > I am currently conducting a security audit on OpenVP

[Openvpn-devel] [M] Change in openvpn[master]: Use XOR instead of concatenation for calculation of IV from implicit IV

2024-11-13 Thread plaisthos (Code Review)
Attention is currently required from: cron2, flichtenheld, ordex. plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/797?usp=email ) Change subject: Use XOR instead of concatenation for calculation of IV from implicit IV ..

[Openvpn-devel] IRC community meeting summary

2024-11-13 Thread Johan Draaisma
Meeting summary for 13 November 2024: * *Updated: DCO Linux upstreaming* /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /ordex will send out*patchset v12*later this week./ * *Updated: DCO windows multi-peer* /Kernelspace and userspace now look to be

Re: [Openvpn-devel] Fwd: Inquiry About Potential Vulnerabilities in OpenVPN for Remote Code Execution (RCE)

2024-11-13 Thread David Sommerseth via Openvpn-devel
On 13/11/2024 14:59, נתי שטרן wrote: -- Forwarded message - מאת: *נתי שטרן* mailto:nsh...@gmail.com>> ‪Date: יום ד׳, 13 בנוב׳ 2024, 15:52‬ Subject: Re: [Openvpn-devel] Inquiry About Potential Vulnerabilities in OpenVPN for Remote Code Execution (RCE) To: Gert Doering mailto:g..

Re: [Openvpn-devel] Fwd: Inquiry About Potential Vulnerabilities in OpenVPN for Remote Code Execution (RCE)

2024-11-13 Thread נתי שטרן
In which programming languages openvpn has written? Python , C or etc.? Tnx Netanel בתאריך יום ד׳, 13 בנוב׳ 2024, 16:22, מאת David Sommerseth ‏< dazo+open...@eurephia.org>: > On 13/11/2024 14:59, נתי שטרן wrote: > > > > -- Forwarded message - > > מאת: *נתי שטרן* mailto:nsh...@gma

[Openvpn-devel] Inquiry About Potential Vulnerabilities in OpenVPN for Remote Code Execution (RCE)

2024-11-13 Thread נתי שטרן
Dear OpenVPN Development Team, I hope this message finds you well. I am currently conducting a security audit on OpenVPN, and during my research, I came across some potential vectors for Remote Code Execution (RCE) vulnerabilities. I would like to inquire whether there are any known issues or rec

Re: [Openvpn-devel] Inquiry About Potential Vulnerabilities in OpenVPN for Remote Code Execution (RCE)

2024-11-13 Thread נתי שטרן
I want to work with you for finding RCEs on openvpn as zeroday Tnx Netanel בתאריך יום ד׳, 13 בנוב׳ 2024, 15:40, מאת Gert Doering ‏: > Hi, > > On Wed, Nov 13, 2024 at 03:05:11PM +0200, ?? wrote: > > I am reaching out in the hopes of getting assistance with a potential > > zero-day Re

Re: [Openvpn-devel] Inquiry About Potential Vulnerabilities in OpenVPN for Remote Code Execution (RCE)

2024-11-13 Thread Gert Doering
Hi, On Wed, Nov 13, 2024 at 03:42:57PM +0200, ?? wrote: > I want to work with you for finding RCEs on openvpn as zeroday People looking at OpenVPN and finding security weaknesses is very welcome :-) - so I think you got sufficient answers to get started - "there are no known RCEs, s

[Openvpn-devel] Fwd: Inquiry About Potential Vulnerabilities in OpenVPN for Remote Code Execution (RCE)

2024-11-13 Thread נתי שטרן
-- Forwarded message - מאת: נתי שטרן ‪Date: יום ד׳, 13 בנוב׳ 2024, 15:52‬ Subject: Re: [Openvpn-devel] Inquiry About Potential Vulnerabilities in OpenVPN for Remote Code Execution (RCE) To: Gert Doering Cc: Arne Schwabe I want to find zerodays but I glad to any help on this ( t

Re: [Openvpn-devel] Fwd: Inquiry About Potential Vulnerabilities in OpenVPN for Remote Code Execution (RCE)

2024-11-13 Thread David Sommerseth via Openvpn-devel
On 13/11/2024 15:24, נתי שטרן wrote: In which programming languages openvpn has written? Python , C or etc.? We do expect you to do some research on your own. But here is a starting point: https://github.com/OpenVPN/ -- kind regards, David Sommerseth OpenVPN Inc __

Re: [Openvpn-devel] Inquiry About Potential Vulnerabilities in OpenVPN for Remote Code Execution (RCE)

2024-11-13 Thread Gert Doering
Hi, On Wed, Nov 13, 2024 at 03:05:11PM +0200, ?? wrote: > I am reaching out in the hopes of getting assistance with a potential > zero-day Remote Code Execution (RCE) vulnerability that I am investigating > on an Ubuntu-based OpenVPN system. If you have *found* something, please let