interactive.c: disable remote access to the service pipe

Remote access to the service pipe is not needed and might be a potential attack vector. For example, if an attacker manages to get credentials for a user which is the member of "OpenVPN Administrators" group on a victim machine, an attacker might be able to communicate with the privileged interactive service on a victim machine and start openvpn processes remotely. CVE: 2024-24974 Microsoft case number: 85925 Reported-by: Vladimir Tokarev <[email protected]> Change-Id: I8739c5f127e9ca0683fcdbd099dba9896ae46277 Signed-off-by: Lev Stipakov <[email protected]> Acked-by: Heiko Hund <[email protected]> Message-Id: <[email protected]> URL: https://www.mail-archive.com/[email protected]/msg28419.html Signed-off-by: Gert Doering <[email protected]> (cherry picked from commit 2c1de0f)
OpenVPN · Mar 19, 2024 · e0775c0 · e0775c0
1 parent 30bddb1
commit e0775c0
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c
@@ -1994,7 +1994,7 @@ CreateClientPipeInstance(VOID)
 
     openvpn_sntprintf(pipe_name, _countof(pipe_name), TEXT("\\\\.\\pipe\\" PACKAGE "%s\\service"), service_instance);
     pipe = CreateNamedPipe(pipe_name, flags,
-                           PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE,
+                           PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_REJECT_REMOTE_CLIENTS,
                            PIPE_UNLIMITED_INSTANCES, 1024, 1024, 0, NULL);
     if (pipe == INVALID_HANDLE_VALUE)
     {