2017-07-05

Future Hosting, a VPS hosting and dedicated server hosting provider, has warned users of the popular OpenVPN virtual private network application to update immediately. A number of vulnerabilities in OpenVPN, including a critical remote code execution vulnerability, may allow an attacker to compromise the privacy of data communicated over OpenVPN nodes (as reported in ZDNet on June 22nd).

The vulnerabilities, which were discovered by security researcher Guido Vranken and disclosed to OpenVPN’s developers, have been patched. Users of OpenVPN should update as soon as possible to mitigate the risk to their virtual private network infrastructure. It should be noted that the vulnerabilities are unrelated to audits carried out earlier in 2017, which discovered several minor vulnerabilities. Users of OpenVPN who updated following the audits should update again.

As a provider of virtual and dedicated server hosting, Future Hosting’s infrastructure is used to host many instances of OpenVPN. The open source project is used by businesses of all sizes to protect communications between their internal networks and the open internet and between servers. Future Hosting wants to encourage as many OpenVPN users as possible to update to reduce the risk to its clients and all virtual private network users.

“OpenVPN is a critical part of the security apparatus of many companies. Users of OpenVPN expect their VPN nodes to be secure — that’s why they use OpenVPN in the first place,” said Maulesh Patel, VP of Operations of Future Hosting. “We’re publicizing this set of vulnerabilities because we want to make sure the largest number of OpenVPN users are protected as quickly as possible.”

The most critical of the vulnerabilities — CVE-2017-7521 — could be used by a sophisticated attacker to exhaust and corrupt a server’s memory, potentially allowing the attacker to run arbitrary code on the server. The other vulnerabilities are less serious, but still pose an unacceptable security risk, including a vulnerability that could allow an attacker to crash an OpenVPN server.

It should be noted that there’s no evidence of these vulnerabilities being used by criminals at this time. However, the vulnerabilities have been publicly disclosed along with proofs of concept, so it won’t be long before they’re adopted by malicious actors.

## About Future Hosting, LLC

Founded in 2001, Future Hosting is a privately held leading Internet solutions provider specializing in managed hosting, including Dedicated Servers, Virtual Private Servers, and Hybrid Virtual Private Servers. The company has built a strong reputation for its high-quality service, innovative pricing models, and 3-hour Service Level Agreement. Future Hosting is based in Southfield, Michigan. For more information, visit http://www.futurehosting.com