Lucene search
Gentoo FoundationGLSA-201311-13HistoryNov 20, 2013 - 12:00 a.m.
OpenVPN: Multiple vulnerabilities
2013-11-2000:00:00
Gentoo Foundation
security.gentoo.org
10
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.005 Low
EPSS
Percentile
75.9%
Background
OpenVPN is a multi-platform, full-featured SSL VPN solution.
Description
Multiple vulnerabilities have been discovered in OpenVPN. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker may be able to recover plaintext from an encrypted communication. Another vulnerability could allow remote attacker perform a Man-in-the-Middle attack.
Workaround
There is no known workaround at this time.
Resolution
All OpenVPN users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/openvpn-2.3.1"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | net-misc/openvpn | < 2.3.1 | UNKNOWN |
Related
openvas
openvas
Gentoo Security Advisory GLSA 201311-13
2015-09-29 00:00:00
Fedora Update for openvpn FEDORA-2013-7552
2013-05-17 00:00:00
Fedora Update for openvpn FEDORA-2013-7531
2013-05-17 00:00:00
nessus
nessus
GLSA-201311-13 : OpenVPN: Multiple vulnerabilities
2013-11-21 00:00:00
Mandriva Linux Security Advisory : openvpn (MDVSA-2013:167)
2013-05-28 00:00:00
Amazon Linux AMI : openvpn (ALAS-2013-201)
2013-09-04 00:00:00
cve
cve
CVE-2013-2061
2013-11-18 02:55:07
kaspersky
kaspersky
KLA10281 OSI vulnerability in OpenVPN
2013-11-17 00:00:00
amazon
amazon
Low: openvpn
2013-06-11 22:47:00
fedora
fedora
[SECURITY] Fedora 17 Update: openvpn-2.3.1-2.fc17
2013-05-16 02:50:42
[SECURITY] Fedora 18 Update: openvpn-2.3.1-2.fc18
2013-05-16 03:04:28
[SECURITY] Fedora 12 Update: nss-util-3.12.5-1.fc12.1
2009-12-10 04:13:15
ubuntu
ubuntu
OpenVPN vulnerability
2014-10-02 00:00:00
nss vulnerability
2010-06-29 00:00:00
NSS vulnerability
2010-07-23 00:00:00
cvelist
cvelist
CVE-2013-2061
2013-11-15 18:16:00
CVE-2009-3555
2009-11-09 17:00:00
freebsd
freebsd
OpenVPN -- potential side-channel/timing attack when comparing HMACs
2013-03-19 00:00:00
securityvulns
securityvulns
OpenVPN cryptography weakness
2013-06-05 00:00:00
[ MDVSA-2013:167 ] openvpn
2013-06-05 00:00:00
[ MDVSA-2009:295 ] apache
2009-11-09 00:00:00
prion
prion
Code injection
2013-11-18 02:55:00
Cross site request forgery (csrf)
2009-11-09 17:30:00
debiancve
debiancve
CVE-2013-2061
2013-11-18 02:55:07
CVE-2009-3555
2009-11-09 17:30:00
ubuntucve
ubuntucve
CVE-2013-2061
2013-11-17 00:00:00
CVE-2009-3555
2009-11-09 00:00:00
nvd
nvd
CVE-2013-2061
2013-11-18 02:55:07
CVE-2009-3555
2009-11-09 17:30:00
debian
debian
[SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw
2011-01-05 23:20:31
[SECURITY] [DSA-2141-4] New lighttpd packages fix regression
2011-01-12 18:51:18
fortinet
fortinet
FortiOS SSL Deep-Inspection possible Insecure Renegotiation
2017-11-03 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2020-04-10 00:36:56
seebug
seebug
TLS Renegotiation Vulnerability PoC Exploit
2009-12-21 00:00:00
TLS Renegotiation Vulnerability PoC
2014-07-01 00:00:00
cisco
cisco
Transport Layer Security Renegotiation Vulnerability
2009-11-09 13:00:00
oraclelinux
oraclelinux
openssl097a security update
2010-03-25 00:00:00
nss security update
2010-03-25 00:00:00
centos
centos
openssl097a security update
2010-03-27 17:44:36
nspr, nss security update
2010-03-28 15:36:50
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8l-alt1
2009-11-07 00:00:00
Security fix for the ALT Linux 6 package openssl10 version 0.9.8l-alt1
2009-11-07 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 0.9.8l-alt1
2009-11-07 00:00:00
slackware
slackware
openssl
2009-11-16 13:42:36
hackerone
hackerone
Slack: TLS1/SSLv3 Renegotiation Vulnerability
2014-04-02 13:01:00
redhat
redhat
(RHSA-2010:0165) Moderate: nss security update
2010-03-25 00:00:00
(RHSA-2010:0164) Moderate: openssl097a security update
2010-03-25 00:00:00
packetstorm
packetstorm
TLS Renegotiation Exploit
2009-12-21 00:00:00
f5
f5
K10737 : SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541
2013-07-05 00:00:00
SOL10737 - SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541
2009-11-05 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2009-3555
2009-11-05 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-09:15.ssl
2009-12-03 00:00:00
checkpoint_advisories
checkpoint_advisories
TLS Renegotiation (CVE-2009-3555)
2009-11-22 00:00:00
TLS Client Initiated Renegotiation (CVE-2009-3555)
2009-11-23 00:00:00
Preemptive Protection against TLS and SSL Spoofing Vulnerability
2010-02-09 00:00:00
osv
osv
Apache Tomcat affected by vulnerability in TLS and SSL protocol
2022-05-02 03:46:22
exploitpack
exploitpack
TLS - Renegotiation
2009-12-21 00:00:00
cert
cert
SSL and TLS protocols renegotiation vulnerability
2009-11-11 00:00:00
ibm
ibm
nginx
nginx
The renegotiation vulnerability in SSL protocol
2009-11-09 17:30:00
github
github
Apache Tomcat affected by vulnerability in TLS and SSL protocol
2022-05-02 03:46:22
mozilla
mozilla
Update NSS to support TLS renegotiation indication — Mozilla
2010-03-30 00:00:00
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.005 Low
EPSS
Percentile
75.9%
Related for GLSA-201311-13