OpenVPN -- two remote denial-of-service vulnerabilities

🗓️ 10 May 2017 00:00:00Reported by FreeBSDType

freebsd

freebsd🔗 vuxml.freebsd.org👁 49 Views

OpenVPN 2.4.0 audit reveals two remote denial-of-service vulnerabilitie

Reporter	Title	Published	Views	Family All 76
0day.today	OpenVPN 2.4.0 - Unauthenticated Denial of Service Exploit	11 May 201700:00	–	zdt
AlpineLinux	CVE-2017-7478	15 May 201718:00	–	alpinelinux
AlpineLinux	CVE-2017-7479	15 May 201718:00	–	alpinelinux
ArchLinux	[ASA-201705-16] openvpn: denial of service	13 May 201700:00	–	archlinux
Broadcom	BSA-2017-337	23 Jun 201700:00	–	broadcom
Broadcom	BSA-2017-339	23 Jun 201700:00	–	broadcom
ALT Linux	Security fix for the ALT Linux 9 package openvpn version 2.4.2-alt1	14 May 201700:00	–	altlinux
Circl	CVE-2017-7478	11 May 201700:00	–	circl
CNVD	OpenVPN Denial of Service Vulnerability (CNVD-2017-06937)	17 May 201700:00	–	cnvd
CNVD	OpenVPN Unauthenticated Denial of Service Vulnerability	18 May 201700:00	–	cnvd

OS	OS Version	Architecture	Package	Package Version	Filename
FreeBSD	any	noarch	openvpn	2.3.15	UNKNOWN
FreeBSD	any	noarch	openvpn23	2.3.15	UNKNOWN
FreeBSD	any	noarch	openvpn-mbedtls	2.4.0	UNKNOWN
FreeBSD	any	noarch	openvpn-mbedtls	2.4.2	UNKNOWN
FreeBSD	any	noarch	openvpn-polarssl	2.3.15	UNKNOWN
FreeBSD	any	noarch	openvpn23-polarssl	2.3.15	UNKNOWN

Source	Link
openvpn	www.openvpn.net/index.php/open-source/downloads.html
community	www.community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
privateinternetaccess	www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-2-fixes-critical-issues-discovered-openvpn-audit-reports/
ostif	www.ostif.org/

10 May 2017 00:00Current

2.2Low risk

Vulners AI Score2.2

CVSS 25

CVSS 37.5

EPSS0.04599

openvpn audit vulnerabilities denial-of-service