openvpn: multiple vulnerabilities
| Package(s): | openvpn | CVE #(s): | CAN-2005-2531 CAN-2005-2532 CAN-2005-2533 CAN-2005-2534 | ||||||||
| Created: | August 23, 2005 | Updated: | October 10, 2005 | ||||||||
| Description: | A number of vulnerabilities were discovered in OpenVPN that were fixed in
the 2.0.1 release:
A DoS attack against the server when run with "verb 0" and without "tls-auth" when a client connection to the server fails certificate verification, the OpenSSL error queue is not properly flushed. This could result in another unrelated client instance on the server seeing the error and responding to it, resulting in a disconnection of the unrelated client. A DoS attack against the server by an authenticated client that sends a packet which fails to decrypt on the server, the OpenSSL error queue was not properly flushed. This could result in another unrelated client instance on the server seeing the error and responding to it, resulting in a disconnection of the unrelated client. A DoS attack against the server by an authenticated client is possible in "dev tap" ethernet bridging mode where a malicious client could theoretically flood the server with packets appearing to come from hundreds of thousands of different MAC addresses, resulting in the OpenVPN process exhausting system virtual memory. If two or more client machines tried to connect to the server at the same time via TCP, using the same client certificate, a race condition could crash the server if --duplicate-cn is not enabled on the server. | ||||||||||
| Alerts: |
| ||||||||||