看到「The OpenVPN post-audit bug bonanza」這個只有苦笑啊...
作者在 OpenVPN 經過一連串的安全加強後 (包括 harden 計畫與兩個外部單位的程式碼稽核找到不少問題),決定出手挖看看:
After a hardening of the OpenVPN code (as commissioned by the Dutch intelligence service AIVD) and two recent audits 1 2, I thought it was now time for some real action ;).
然後就挖出不少問題了...
可以看到作者透過 fuzzing 打出一卡車,包含了不少 crash XDDD:(然後有一個是 stack buffer corruption,不知道有沒有機會變成 RCE)
- Remote server crashes/double-free/memory leaks in certificate processing (CVE-2017-7521)
- Remote (including MITM) client crash, data leak (CVE-2017-7520)
- Remote (including MITM) client stack buffer corruption
- Remote server crash (forced assertion failure) (CVE-2017-7508)
- Crash mbed TLS/PolarSSL-based server (CVE-2017-7522)
- Stack buffer overflow if long –tls-cipher is given