CVSS3 : 9.8 High
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : NONE
Scope : UNCHANGED
Confidentiality Impact : HIGH
Integrity Impact : HIGH
Availability Impact : HIGH
Vector : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS2 : 7.5 High
Access Vector : NETWORK
Access Complexity : LOW
Authentication : NONE
Confidentiality Impact : PARTIAL
Integrity Impact : PARTIAL
Availability Impact : PARTIAL
Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS : 0.017 Low
Percentile : 87.6%
Severity: Critical
Date : 2017-06-22
CVE-ID : CVE-2017-7508 CVE-2017-7512 CVE-2017-7520 CVE-2017-7521
Package : openvpn
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-318
The package openvpn before version 2.4.3-1 is vulnerable to multiple
issues including information disclosure, arbitrary code execution and
denial of service.
Resolution : Upgrade to 2.4.3-1. The problems have been fixed upstream
in version 2.4.3.
Workaround : None.
A remote denial of service has been found in OpenVPN < 2.4.3, allowing
a remote client to crash a server by sending a malformed IPv6 packet.
The issue requires IPv6 and the --mssfix option to be enabled, and
knowledge of the IPv6 networks used inside the VPN.
A remote denial of service has been found in OpenVPN < 2.4.3. A remote
client can exploit a memory leak in the server’s certificate parsing
code to make it leak a few bytes of memory for each connection attempt,
causing it to run out of memory.
A pre-authentication remote crash/information disclosure vulnerability
has been discovered in OpenVPN < 2.4.3. If the client uses an HTTP proxy
with NTLM authentication (i.e. "--http-proxy <server> <port>
[<authfile>|'auto'|'auto-nct'] ntlm2") to connect to the OpenVPN
server, an attacker in a man-in-the-middle position between the client
and the proxy can cause the client to crash or disclose at most 96
bytes of stack memory. The disclosed stack memory is likely to contain
the proxy password.
A use-after-free has been found in OpenVPN < 2.4.3. The issue is caused
by extract_x509_extension() not checking the return value of
ASN1_STRING_to_UTF8(): if that call fails, the function goes on to use
and then free a memory allocation that has already been freed. The
issue requires the use of the --x509-alt-username option with an x509
extension, and is very unlikely to be triggered unless the remote peer
can make the local process run out of memory.
An attacker in a man-in-the-middle position can access sensitive
information from a client using an HTTP proxy with NTLM authentication
to connect to the server. A remote attacker can crash a server and
possibly execute arbitrary code on the affected host under specific
conditions.
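A triage helper for the preconditions described above, added here as an example and not part of the advisory or of OpenVPN: given a package version and a config file's text, it reports which of the configuration-dependent issues apply. Assumptions: the IPv6 directive names listed, mssfix counted as enabled unless the config sets "mssfix 0", and "x509-username-field ext:..." taken as the config form of what the advisory calls --x509-alt-username.

```python
import re

FIXED = (2, 4, 3)  # upstream fix version stated in the advisory
# Assumption: these directives indicate IPv6 is used inside the VPN.
IPV6_DIRECTIVES = {"server-ipv6", "ifconfig-ipv6", "ifconfig-ipv6-pool",
                   "route-ipv6", "tun-ipv6"}

def version_affected(version):
    """True if an upstream or Arch package version (e.g. '2.4.2-1') is < 2.4.3."""
    upstream = version.split("-", 1)[0]
    parts = tuple(int(p) for p in re.findall(r"\d+", upstream)[:3])
    return parts + (0,) * (3 - len(parts)) < FIXED

def parse_directives(text):
    """Yield (name, args) per config line, dropping comments and leading '--'."""
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            yield name.lstrip("-"), args

def triage(config_text, version):
    """Return the advisory conditions this config meets on an affected version."""
    if not version_affected(version):
        return []
    ipv6 = mssfix_off = False
    findings = []
    for name, args in parse_directives(config_text):
        if name in IPV6_DIRECTIVES:
            ipv6 = True
        elif name == "mssfix" and args[:1] == ["0"]:
            mssfix_off = True  # assumption: 'mssfix 0' disables the feature
        elif name == "http-proxy" and args and args[-1].lower() == "ntlm2":
            findings.append("ntlm2 http-proxy: MITM crash / stack disclosure")
        elif name == "x509-username-field" and any(a.startswith("ext:") for a in args):
            findings.append("x509 extension username: use-after-free path")
    if ipv6 and not mssfix_off:
        findings.insert(0, "IPv6 with mssfix: crash via malformed IPv6 packet")
    return findings

# Constructed sample configs, not taken from the advisory.
SERVER_CONF = """
server 10.8.0.0 255.255.255.0
server-ipv6 fd00:1234::/64   # IPv6 inside the tunnel
x509-username-field ext:subjectAltName
"""
CLIENT_CONF = """
remote vpn.example.org 1194
http-proxy proxy.example.org 3128 auto ntlm2
"""
```

The certificate-parsing memory leak has no configuration precondition in the advisory, so for it version_affected() alone is the check.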
https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
https://github.com/OpenVPN/openvpn/commit/c3f47077a7
https://github.com/OpenVPN/openvpn/commit/2341f71619
https://github.com/OpenVPN/openvpn/commit/7718c8984f
https://github.com/OpenVPN/openvpn/commit/cb4e35ece4
https://github.com/OpenVPN/openvpn/commit/2d032c7fcd
https://security.archlinux.org/CVE-2017-7508
https://security.archlinux.org/CVE-2017-7512
https://security.archlinux.org/CVE-2017-7520
https://security.archlinux.org/CVE-2017-7521