Aviatrix, a supplier of open source enterprisevirtual private networks(VPNs) to customers including BT, Nasa and Shell, has patched a serious vulnerability in its client that could have given an attacker escalation privileges on a machine to which they already had access. Learn more about this vulnerability and its implications for Linux users in an informative Computer Weekly article:
The vulnerability was uncovered byImmersive Labsresearcher and content engineer Alex Seymour, after noticing that the VPN client was unusually verbose when booting on a Linux machine.
Its disclosure comes hot on the heels of government warnings about the possibility of state-sponsored threat actors targeting high-profile organisations through VPN vulnerabilities in products from the likes of Pulse Secure, Palo Alto Networks and Fortinet.
The link for this article located at Computer Weekly is no longer available.