Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200511-07
HistoryNov 06, 2005 - 12:00 a.m.

OpenVPN: Multiple vulnerabilities

2005-11-0600:00:00
Gentoo Foundation
security.gentoo.org
15

0.093 Low

EPSS

Percentile

94.7%

JSON

Background

OpenVPN is a multi-platform, full-featured SSL VPN solution.

Description

The OpenVPN client contains a format string bug in the handling of the foreign_option in options.c. Furthermore, when the OpenVPN server runs in TCP mode, it may dereference a NULL pointer under specific error conditions.

Impact

A remote attacker could setup a malicious OpenVPN server and trick the user into connecting to it, potentially executing arbitrary code on the client’s computer. A remote attacker could also exploit the NULL dereference issue by sending specific packets to an OpenVPN server running in TCP mode, resulting in a Denial of Service condition.

Workaround

Do not use “pull” or “client” options in the OpenVPN client configuration file, and use UDP mode for the OpenVPN server.

Resolution

All OpenVPN users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/openvpn-2.0.4"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-misc/openvpn< 2.0.4UNKNOWN

Related

nessus 7
debian 2
openvas 8
osv 1
altlinux 1
debiancve 2
ubuntucve 2
cve 2
freebsd 2
cvelist 2
nessus
nessus
GLSA-200511-07 : OpenVPN: Multiple vulnerabilities
2005-11-07 00:00:00
Debian DSA-885-1 : openvpn - several vulnerabilities
2006-10-14 00:00:00
Mandrake Linux Security Advisory : openvpn (MDKSA-2005:206-1)
2006-01-15 00:00:00
debian
debian
[SECURITY] [DSA 885-1] New OpenVPN packages fix several vulnerabilities
2005-11-07 09:57:19
[SECURITY] [DSA 885-1] New OpenVPN packages fix several vulnerabilities
2005-11-07 09:57:19
openvas
openvas
Gentoo Security Advisory GLSA 200511-07 (OpenVPN)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200511-07 (OpenVPN)
2008-09-24 00:00:00
Debian: Security Advisory (DSA-885-1)
2008-01-17 00:00:00
osv
osv
openvpn - several
2005-11-07 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openvpn version 2.0.6-alt1
2006-04-06 00:00:00
debiancve
debiancve
CVE-2005-3409
2005-11-02 00:02:00
CVE-2005-3393
2005-11-01 12:47:00
ubuntucve
ubuntucve
CVE-2005-3409
2005-11-02 00:00:00
CVE-2005-3393
2005-11-01 00:00:00
cve
cve
CVE-2005-3393
2005-11-01 12:47:00
CVE-2005-3409
2005-11-02 00:02:00
freebsd
freebsd
openvpn -- arbitrary code execution on client through malicious or compromised server
2005-10-31 00:00:00
openvpn -- potential denial-of-service on servers in TCP mode
2005-11-01 00:00:00
cvelist
cvelist
CVE-2005-3409
2005-11-02 00:00:00
CVE-2005-3393
2005-11-01 11:00:00

0.093 Low

EPSS

Percentile

94.7%

JSON
Related for GLSA-200511-07
nessus7debian2openvas8osv1altlinux1debiancve2ubuntucve2cve2freebsd2cvelist2