Search...

openSUSE Security Update : openvpn (openSUSE-SU-2014:1594-1)

2014-12-09T00:00:00

ID OPENSUSE-2014-759.NASL
Type nessus
Reporter This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2014-12-09T00:00:00

Description

openvpn was updated to fix a denial-of-service vulnerability where an authenticated client could stop the server by triggering a server-side ASSERT (bnc#907764,CVE-2014-8104),

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-759.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(79821);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2014-8104");

  script_name(english:"openSUSE Security Update : openvpn (openSUSE-SU-2014:1594-1)");
  script_summary(english:"Check for the openSUSE-2014-759 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"openvpn was updated to fix a denial-of-service vulnerability where an
authenticated client could stop the server by triggering a server-side
ASSERT (bnc#907764,CVE-2014-8104),"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=907764"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2014-12/msg00039.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected openvpn packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvpn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvpn-auth-pam-plugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvpn-auth-pam-plugin-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvpn-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvpn-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvpn-down-root-plugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvpn-down-root-plugin-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.3|SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1 / 13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.3", reference:"openvpn-2.2.2-9.9.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"openvpn-auth-pam-plugin-2.2.2-9.9.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"openvpn-auth-pam-plugin-debuginfo-2.2.2-9.9.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"openvpn-debuginfo-2.2.2-9.9.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"openvpn-debugsource-2.2.2-9.9.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"openvpn-down-root-plugin-2.2.2-9.9.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"openvpn-down-root-plugin-debuginfo-2.2.2-9.9.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"openvpn-2.3.2-3.4.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"openvpn-auth-pam-plugin-2.3.2-3.4.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"openvpn-auth-pam-plugin-debuginfo-2.3.2-3.4.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"openvpn-debuginfo-2.3.2-3.4.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"openvpn-debugsource-2.3.2-3.4.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"openvpn-down-root-plugin-2.3.2-3.4.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"openvpn-down-root-plugin-debuginfo-2.3.2-3.4.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"openvpn-2.3.4-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"openvpn-auth-pam-plugin-2.3.4-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"openvpn-auth-pam-plugin-debuginfo-2.3.4-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"openvpn-debuginfo-2.3.4-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"openvpn-debugsource-2.3.4-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"openvpn-down-root-plugin-2.3.4-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"openvpn-down-root-plugin-debuginfo-2.3.4-2.4.1") ) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openvpn / openvpn-auth-pam-plugin / etc");
}

JSON Vulners Source

Initial Source

{"id": "OPENSUSE-2014-759.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : openvpn (openSUSE-SU-2014:1594-1)", "description": "openvpn was updated to fix a denial-of-service vulnerability where an\nauthenticated client could stop the server by triggering a server-side\nASSERT (bnc#907764,CVE-2014-8104),", "published": "2014-12-09T00:00:00", "modified": "2014-12-09T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}, "href": "https://www.tenable.com/plugins/nessus/79821", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://lists.opensuse.org/opensuse-updates/2014-12/msg00039.html", "https://bugzilla.opensuse.org/show_bug.cgi?id=907764"], "cvelist": ["CVE-2014-8104"], "type": "nessus", "lastseen": "2021-01-20T12:28:05", "edition": 18, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-8104"]}, {"type": "slackware", "idList": ["SSA-2014-344-04"]}, {"type": "ubuntu", "idList": ["USN-2430-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310868664", "OPENVAS:703084", "OPENVAS:1361412562310868584", "OPENVAS:1361412562310850808", "OPENVAS:1361412562310121327", "OPENVAS:1361412562310868582", "OPENVAS:1361412562310868587", "OPENVAS:1361412562310120020", "OPENVAS:1361412562310851015", "OPENVAS:1361412562310868594"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:1594-1", "SUSE-SU-2014:1605-1", "SUSE-SU-2014:1694-1"]}, {"type": "freebsd", "idList": ["23AB5C3E-79C3-11E4-8B1E-D050992ECDE8"]}, {"type": "archlinux", "idList": ["ASA-201412-2"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31474", "SECURITYVULNS:VULN:14134"]}, {"type": "debian", "idList": ["DEBIAN:DLA-98-1:63AE5", "DEBIAN:DSA-3084-1:C9282"]}, {"type": "amazon", "idList": ["ALAS-2014-459"]}, {"type": "gentoo", "idList": ["GLSA-201412-41"]}, {"type": "fedora", "idList": ["FEDORA:36D6460BC2C2", "FEDORA:67548608776B", "FEDORA:3E7766087647", "FEDORA:6D9C260CA22B", "FEDORA:3CFB860BC98F"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2014-246.NASL", "DEBIAN_DLA-98.NASL", "FEDORA_2014-16234.NASL", "MANDRIVA_MDVSA-2015-139.NASL", "DEBIAN_DSA-3084.NASL", "FREEBSD_PKG_23AB5C3E79C311E48B1ED050992ECDE8.NASL", "FEDORA_2014-16060.NASL", "OPENVPN_2_3_6.NASL", "ALA_ALAS-2014-459.NASL", "FEDORA_2014-16273.NASL"]}], "modified": "2021-01-20T12:28:05", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-01-20T12:28:05", "rev": 2}, "vulnersScore": 6.5}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-759.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79821);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8104\");\n\n script_name(english:\"openSUSE Security Update : openvpn (openSUSE-SU-2014:1594-1)\");\n script_summary(english:\"Check for the openSUSE-2014-759 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"openvpn was updated to fix a denial-of-service vulnerability where an\nauthenticated client could stop the server by triggering a server-side\nASSERT (bnc#907764,CVE-2014-8104),\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=907764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-12/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openvpn packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvpn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvpn-auth-pam-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvpn-auth-pam-plugin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvpn-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvpn-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvpn-down-root-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvpn-down-root-plugin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"openvpn-2.2.2-9.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"openvpn-auth-pam-plugin-2.2.2-9.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"openvpn-auth-pam-plugin-debuginfo-2.2.2-9.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"openvpn-debuginfo-2.2.2-9.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"openvpn-debugsource-2.2.2-9.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"openvpn-down-root-plugin-2.2.2-9.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"openvpn-down-root-plugin-debuginfo-2.2.2-9.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvpn-2.3.2-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvpn-auth-pam-plugin-2.3.2-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvpn-auth-pam-plugin-debuginfo-2.3.2-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvpn-debuginfo-2.3.2-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvpn-debugsource-2.3.2-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvpn-down-root-plugin-2.3.2-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvpn-down-root-plugin-debuginfo-2.3.2-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openvpn-2.3.4-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openvpn-auth-pam-plugin-2.3.4-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openvpn-auth-pam-plugin-debuginfo-2.3.4-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openvpn-debuginfo-2.3.4-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openvpn-debugsource-2.3.4-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openvpn-down-root-plugin-2.3.4-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openvpn-down-root-plugin-debuginfo-2.3.4-2.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openvpn / openvpn-auth-pam-plugin / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "79821", "cpe": ["cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:openvpn-debuginfo", "p-cpe:/a:novell:opensuse:openvpn-debugsource", "p-cpe:/a:novell:opensuse:openvpn", "p-cpe:/a:novell:opensuse:openvpn-auth-pam-plugin-debuginfo", "p-cpe:/a:novell:opensuse:openvpn-down-root-plugin", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:openvpn-down-root-plugin-debuginfo", "p-cpe:/a:novell:opensuse:openvpn-auth-pam-plugin", "cpe:/o:novell:opensuse:13.1"], "scheme": null}

{"cve": [{"lastseen": "2020-10-03T12:01:22", "description": "OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.", "edition": 4, "cvss3": {}, "published": "2014-12-03T18:59:00", "title": "CVE-2014-8104", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8104"], "modified": "2020-05-12T14:21:00", "cpe": ["cpe:/a:openvpn:openvpn_access_server:2.0.8", "cpe:/a:openvpn:openvpn:2.0_rc2", "cpe:/a:openvpn:openvpn:2.0.1_rc1", "cpe:/a:openvpn:openvpn:2.1.1", "cpe:/a:openvpn:openvpn:2.2.0", "cpe:/a:openvpn:openvpn_access_server:2.0.10", "cpe:/a:openvpn:openvpn:2.0_rc20", "cpe:/a:openvpn:openvpn:2.0_test18", "cpe:/a:openvpn:openvpn:2.0.9", "cpe:/a:openvpn:openvpn:2.0_test23", "cpe:/a:openvpn:openvpn:2.0_test10", "cpe:/a:openvpn:openvpn:2.0_test22", "cpe:/a:openvpn:openvpn:2.1", "cpe:/a:openvpn:openvpn:2.0_rc7", "cpe:/a:openvpn:openvpn_access_server:2.0.5", "cpe:/a:openvpn:openvpn_access_server:2.0.2", "cpe:/a:openvpn:openvpn:2.2", "cpe:/a:openvpn:openvpn:2.0_rc3", "cpe:/a:openvpn:openvpn:2.0_test26", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:openvpn:openvpn:2.0.1_rc4", "cpe:/a:openvpn:openvpn:2.3.5", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:openvpn:openvpn:2.2.1", "cpe:/a:openvpn:openvpn:2.0.3_rc1", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:openvpn:openvpn:2.0_rc12", "cpe:/a:openvpn:openvpn:2.0.4", "cpe:/a:openvpn:openvpn:2.0_test7", "cpe:/a:openvpn:openvpn:2.0_rc8", "cpe:/a:openvpn:openvpn:2.0_test20", "cpe:/a:openvpn:openvpn:2.0_test16", "cpe:/a:openvpn:openvpn:2.3.0", "cpe:/a:openvpn:openvpn:2.0_test29", "cpe:/a:openvpn:openvpn:2.0_test4", "cpe:/a:openvpn:openvpn:2.0_rc10", "cpe:/a:openvpn:openvpn:2.0_rc14", "cpe:/a:openvpn:openvpn:2.0_rc1", "cpe:/a:openvpn:openvpn:2.0_rc4", "cpe:/a:openvpn:openvpn:2.3.4", "cpe:/a:openvpn:openvpn:2.0_test11", "cpe:/o:opensuse:opensuse:13.2", "cpe:/a:openvpn:openvpn:2.1.2", "cpe:/a:openvpn:openvpn_access_server:2.0.3", "cpe:/a:openvpn:openvpn:2.0_rc21", "cpe:/a:openvpn:openvpn:2.0_test6", "cpe:/a:openvpn:openvpn:2.0.1_rc3", "cpe:/a:openvpn:openvpn:2.0_rc11", "cpe:/a:openvpn:openvpn:2.0_rc5", "cpe:/a:openvpn:openvpn:2.0.2_rc1", "cpe:/a:openvpn:openvpn:2.0_rc19", "cpe:/a:openvpn:openvpn:2.0_test28", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/a:openvpn:openvpn:2.0_rc6", "cpe:/a:openvpn:openvpn:2.0_test19", "cpe:/a:openvpn:openvpn:2.0_test1", "cpe:/a:openvpn:openvpn:2.3.1", "cpe:/a:openvpn:openvpn:2.3", "cpe:/a:openvpn:openvpn:2.0_test25", "cpe:/a:openvpn:openvpn:2.3.3", "cpe:/a:openvpn:openvpn:2.1.3", "cpe:/a:openvpn:openvpn:2.0_test9", "cpe:/o:mageia:mageia:4.0", "cpe:/a:openvpn:openvpn:2.0_test24", "cpe:/a:openvpn:openvpn:2.1.0", "cpe:/a:openvpn:openvpn:2.1.4", "cpe:/a:openvpn:openvpn:2.0_rc9", "cpe:/a:openvpn:openvpn:2.0_rc15", "cpe:/a:openvpn:openvpn:2.0_test8", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:openvpn:openvpn:2.2.2", "cpe:/a:openvpn:openvpn:2.0_test5", "cpe:/a:openvpn:openvpn:2.0.1_rc6", "cpe:/a:openvpn:openvpn:2.0_test17", "cpe:/a:openvpn:openvpn:2.0.1_rc7", "cpe:/a:openvpn:openvpn:2.0_test2", "cpe:/a:openvpn:openvpn:2.0.6_rc1", "cpe:/a:openvpn:openvpn:2.0_test12", "cpe:/a:openvpn:openvpn:2.0_test14", "cpe:/a:openvpn:openvpn:2.0.1_rc5", "cpe:/a:openvpn:openvpn_access_server:2.0.6", "cpe:/a:openvpn:openvpn:2.0_rc17", "cpe:/o:opensuse:opensuse:12.3", "cpe:/a:openvpn:openvpn:2.0.1_rc2", "cpe:/a:openvpn:openvpn:2.3.2", "cpe:/a:openvpn:openvpn_access_server:2.0.7", "cpe:/a:openvpn:openvpn:2.0_rc18", "cpe:/a:openvpn:openvpn:2.0_test21", "cpe:/a:openvpn:openvpn:2.0_rc16", "cpe:/a:openvpn:openvpn_access_server:2.0.0", "cpe:/a:openvpn:openvpn:2.0_test15", "cpe:/a:openvpn:openvpn_access_server:2.0.1", "cpe:/a:openvpn:openvpn:2.0_test3", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/a:openvpn:openvpn:2.0_rc13", "cpe:/a:openvpn:openvpn:2.0_test27"], "id": "CVE-2014-8104", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8104", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:openvpn:openvpn_access_server:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_rc10:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0.3_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test14:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test29:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_20:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_4:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test26:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_14:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:beta-16:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_12:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_rc7:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_rc12:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test5:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test17:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test10:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_rc20:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test6:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_2:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test20:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn_access_server:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_rc21:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test16:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test8:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0.1_rc7:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:beta-3:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test4:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.3:beta1:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_rc8:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn_access_server:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test22:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_3:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.2:beta4:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_13:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:beta-11:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test21:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0.6_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_7:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:beta-10:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0.1_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_8:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:beta-9:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn_access_server:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test23:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn_access_server:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.3:alpha3:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0.1_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test1:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn_access_server:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:beta-6:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test18:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_15:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.3:alpha1:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test7:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_18:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test3:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:beta-15:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:beta-1:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:beta-12:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_rc19:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:beta-7:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:beta-4:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test24:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0.1_rc4:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0.1_rc6:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_17:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test11:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_rc18:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0.1_rc5:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn_access_server:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_rc13:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_rc15:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:beta-13:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_6:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test12:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_rc5:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test25:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_19:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_5:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_11:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0.2_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.2:beta5:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0.1_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_rc4:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_16:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_rc14:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_rc16:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn_access_server:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test2:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:beta-14:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.3:alpha2:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_rc9:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_rc17:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_rc11:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_9:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:beta-5:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test19:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:beta-8:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:beta-2:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_rc6:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_1:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn_access_server:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_22:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_21:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test9:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test28:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test15:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.0_test27:*:*:*:*:*:*:*", "cpe:2.3:a:openvpn:openvpn:2.1:rc_10:*:*:*:*:*:*"]}], "slackware": [{"lastseen": "2020-10-25T16:36:00", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8104"], "description": "New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0,\n14.1, and -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/openvpn-2.3.6-i486-1_slack14.1.txz: Upgraded.\n This update fixes a security issue that allows remote authenticated\n users to cause a denial of service (server crash) via a small control\n channel packet.\n For more information, see:\n https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8104\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openvpn-2.3.6-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openvpn-2.3.6-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openvpn-2.3.6-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openvpn-2.3.6-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openvpn-2.3.6-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openvpn-2.3.6-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openvpn-2.3.6-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openvpn-2.3.6-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openvpn-2.3.6-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openvpn-2.3.6-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openvpn-2.3.6-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openvpn-2.3.6-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\nd549489acb7595e4a9fc0554623693f9 openvpn-2.3.6-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n8231ac619e17dc4bef21fb127449d164 openvpn-2.3.6-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ne14d11e7b35a2dbf39ec6be05e0b6d10 openvpn-2.3.6-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n178da05a1985650ea9fca1cc6d30c940 openvpn-2.3.6-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\ncf969bbffa86267a8e6fd7867a3eeda5 openvpn-2.3.6-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\ne52fdab74c64d64096916e61bc90d8e2 openvpn-2.3.6-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n1f99660fa456c8f8130fae7b600b1390 openvpn-2.3.6-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n59c46e1c2366c7e02ce85e2e2ce0de73 openvpn-2.3.6-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n5b3137fdb321c8110e2996eb5d65af10 openvpn-2.3.6-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n65aa55349ea3ac83aa499442d24b6ff5 openvpn-2.3.6-x86_64-1_slack14.1.txz\n\nSlackware -current package:\nffc8b351685e765b10018ad8f86589a0 n/openvpn-2.3.6-i486-1.txz\n\nSlackware x86_64 -current package:\n6389d4f64e0103b9850f437e60c73166 n/openvpn-2.3.6-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg openvpn-2.3.6-i486-1_slack14.1.txz", "modified": "2014-12-11T04:12:09", "published": "2014-12-11T04:12:09", "id": "SSA-2014-344-04", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.514137", "type": "slackware", "title": "[slackware-security] openvpn", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:42:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8104"], "description": "Dragana Damjanovic discovered that OpenVPN incorrectly handled certain \ncontrol channel packets. An authenticated attacker could use this issue to \ncause an OpenVPN server to crash, resulting in a denial of service.", "edition": 5, "modified": "2014-12-02T00:00:00", "published": "2014-12-02T00:00:00", "id": "USN-2430-1", "href": "https://ubuntu.com/security/notices/USN-2430-1", "title": "OpenVPN vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2020-03-17T23:01:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8104"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120020", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120020", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-459)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120020\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:15:13 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-459)\");\n script_tag(name:\"insight\", value:\"OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.\");\n script_tag(name:\"solution\", value:\"Run yum update openvpn to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-459.html\");\n script_cve_id(\"CVE-2014-8104\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"openvpn-debuginfo\", rpm:\"openvpn-debuginfo~2.3.6~1.12.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvpn\", rpm:\"openvpn~2.3.6~1.12.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:37:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8104"], "description": "Check the version of pkcs11-helper", "modified": "2019-03-15T00:00:00", "published": "2014-12-14T00:00:00", "id": "OPENVAS:1361412562310868582", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868582", "type": "openvas", "title": "Fedora Update for pkcs11-helper FEDORA-2014-16273", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pkcs11-helper FEDORA-2014-16273\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868582\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-14 05:56:19 +0100 (Sun, 14 Dec 2014)\");\n script_cve_id(\"CVE-2014-8104\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_name(\"Fedora Update for pkcs11-helper FEDORA-2014-16273\");\n script_tag(name:\"summary\", value:\"Check the version of pkcs11-helper\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"pkcs11-helper on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-16273\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146072.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"pkcs11-helper\", rpm:\"pkcs11-helper~1.11~3.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:37:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8104"], "description": "Check the version of openvpn", "modified": "2019-03-15T00:00:00", "published": "2014-12-14T00:00:00", "id": "OPENVAS:1361412562310868594", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868594", "type": "openvas", "title": "Fedora Update for openvpn FEDORA-2014-16234", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openvpn FEDORA-2014-16234\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868594\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-14 06:04:20 +0100 (Sun, 14 Dec 2014)\");\n script_cve_id(\"CVE-2014-8104\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_name(\"Fedora Update for openvpn FEDORA-2014-16234\");\n script_tag(name:\"summary\", value:\"Check the version of openvpn\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openvpn on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-16234\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146029.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"openvpn\", rpm:\"openvpn~2.3.6~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:37:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8104"], "description": "Check the version of openvpn", "modified": "2019-03-15T00:00:00", "published": "2014-12-14T00:00:00", "id": "OPENVAS:1361412562310868587", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868587", "type": "openvas", "title": "Fedora Update for openvpn FEDORA-2014-16273", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openvpn FEDORA-2014-16273\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868587\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-14 06:03:08 +0100 (Sun, 14 Dec 2014)\");\n script_cve_id(\"CVE-2014-8104\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_name(\"Fedora Update for openvpn FEDORA-2014-16273\");\n script_tag(name:\"summary\", value:\"Check the version of openvpn\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openvpn on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-16273\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146073.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"openvpn\", rpm:\"openvpn~2.3.6~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8104"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-01-05T00:00:00", "id": "OPENVAS:1361412562310868664", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868664", "type": "openvas", "title": "Fedora Update for openvpn FEDORA-2014-16060", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openvpn FEDORA-2014-16060\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868664\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:40:45 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-8104\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_name(\"Fedora Update for openvpn FEDORA-2014-16060\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openvpn'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openvpn on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-16060\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145833.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"openvpn\", rpm:\"openvpn~2.3.6~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2017-08-02T10:49:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8104"], "description": "Dragana Damjanovic discovered that\nan authenticated client could crash an OpenVPN server by sending a control packe\n containing less than four bytes as payload.", "modified": "2017-07-18T00:00:00", "published": "2014-12-01T00:00:00", "id": "OPENVAS:703084", "href": "http://plugins.openvas.org/nasl.php?oid=703084", "type": "openvas", "title": "Debian Security Advisory DSA 3084-1 (openvpn - security update)", "sourceData": "#########################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3084.nasl 6750 2017-07-18 09:56:47Z teissa $\n# Auto-generated from advisory DSA 3084-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n##############################################################################\n\nif(description)\n{\n script_id(703084);\n script_version(\"$Revision: 6750 $\");\n script_cve_id(\"CVE-2014-8104\");\n script_name(\"Debian Security Advisory DSA 3084-1 (openvpn - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-18 11:56:47 +0200 (Tue, 18 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-01 00:00:00 +0100 (Mon, 01 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3084.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"openvpn on Debian Linux\");\n script_tag(name: \"insight\", value: \"OpenVPN is an application to securely\ntunnel IP networks over a single UDP or TCP port. It can be used to access remote\nsites, make secure point-to-point connections, enhance wireless security, etc.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 2.2.1-8+deb7u3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.3.4-5.\n\nWe recommend that you upgrade your openvpn packages.\");\n script_tag(name: \"summary\", value: \"Dragana Damjanovic discovered that\nan authenticated client could crash an OpenVPN server by sending a control packe\n containing less than four bytes as payload.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"openvpn\", ver:\"2.2.1-8+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2020-01-31T18:38:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8104"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310851015", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851015", "type": "openvas", "title": "SUSE: Security Advisory for openvpn (SUSE-SU-2014:1694-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851015\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 16:51:34 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-8104\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for openvpn (SUSE-SU-2014:1694-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openvpn'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A remote denial of service attack against openvpn was fixed, where a\n authenticated client cloud stop the server by triggering a server-side\n ASSERT (CVE-2014-8104).\");\n\n script_tag(name:\"affected\", value:\"openvpn on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:1694-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"openvpn\", rpm:\"openvpn~2.3.2~11.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvpn-debuginfo\", rpm:\"openvpn-debuginfo~2.3.2~11.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvpn-debugsource\", rpm:\"openvpn-debugsource~2.3.2~11.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"openvpn\", rpm:\"openvpn~2.3.2~11.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvpn-auth-pam-plugin\", rpm:\"openvpn-auth-pam-plugin~2.3.2~11.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvpn-auth-pam-plugin-debuginfo\", rpm:\"openvpn-auth-pam-plugin-debuginfo~2.3.2~11.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvpn-debuginfo\", rpm:\"openvpn-debuginfo~2.3.2~11.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvpn-debugsource\", rpm:\"openvpn-debugsource~2.3.2~11.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:37:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8104"], "description": "Check the version of pkcs11-helper", "modified": "2019-03-15T00:00:00", "published": "2014-12-14T00:00:00", "id": "OPENVAS:1361412562310868584", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868584", "type": "openvas", "title": "Fedora Update for pkcs11-helper FEDORA-2014-16234", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pkcs11-helper FEDORA-2014-16234\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868584\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-14 06:01:50 +0100 (Sun, 14 Dec 2014)\");\n script_cve_id(\"CVE-2014-8104\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_name(\"Fedora Update for pkcs11-helper FEDORA-2014-16234\");\n script_tag(name:\"summary\", value:\"Check the version of pkcs11-helper\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"pkcs11-helper on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-16234\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146030.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"pkcs11-helper\", rpm:\"pkcs11-helper~1.11~3.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8104"], "description": "Gentoo Linux Local Security Checks GLSA 201412-41", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121327", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121327", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201412-41", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-41.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121327\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:22 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-41\");\n script_tag(name:\"insight\", value:\"OpenVPN does not properly handle control channel packets that are too small.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-41\");\n script_cve_id(\"CVE-2014-8104\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-41\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-misc/openvpn\", unaffected: make_list(\"ge 2.3.6\"), vulnerable: make_list(\"lt 2.3.6\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T18:39:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8104"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2014-12-09T00:00:00", "id": "OPENVAS:1361412562310850623", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850623", "type": "openvas", "title": "openSUSE: Security Advisory for openvpn (openSUSE-SU-2014:1594-1)", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850623\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-12-09 06:21:25 +0100 (Tue, 09 Dec 2014)\");\n script_cve_id(\"CVE-2014-8104\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_name(\"openSUSE: Security Advisory for openvpn (openSUSE-SU-2014:1594-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openvpn'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"openvpn was updated to fix a denial-of-service\nvulnerability where an authenticated client could stop the server by triggering a\nserver-side ASSERT (bnc#907764, CVE-2014-8104).\");\n\n script_tag(name:\"affected\", value:\"openvpn on openSUSE 13.1, openSUSE 12.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:1594-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE12\\.3|openSUSE13\\.1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE12.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"openvpn\", rpm:\"openvpn~2.2.2~9.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvpn-auth-pam-plugin\", rpm:\"openvpn-auth-pam-plugin~2.2.2~9.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvpn-auth-pam-plugin-debuginfo\", rpm:\"openvpn-auth-pam-plugin-debuginfo~2.2.2~9.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvpn-debuginfo\", rpm:\"openvpn-debuginfo~2.2.2~9.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvpn-debugsource\", rpm:\"openvpn-debugsource~2.2.2~9.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvpn-down-root-plugin\", rpm:\"openvpn-down-root-plugin~2.2.2~9.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvpn-down-root-plugin-debuginfo\", rpm:\"openvpn-down-root-plugin-debuginfo~2.2.2~9.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"openvpn\", rpm:\"openvpn~2.3.2~3.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvpn-auth-pam-plugin\", rpm:\"openvpn-auth-pam-plugin~2.3.2~3.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvpn-auth-pam-plugin-debuginfo\", rpm:\"openvpn-auth-pam-plugin-debuginfo~2.3.2~3.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvpn-debuginfo\", rpm:\"openvpn-debuginfo~2.3.2~3.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvpn-debugsource\", rpm:\"openvpn-debugsource~2.3.2~3.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvpn-down-root-plugin\", rpm:\"openvpn-down-root-plugin~2.3.2~3.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvpn-down-root-plugin-debuginfo\", rpm:\"openvpn-down-root-plugin-debuginfo~2.3.2~3.4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:41:56", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8104"], "description": "openvpn was updated to fix a denial-of-service vulnerability where an\n authenticated client could stop the server by triggering a server-side\n ASSERT (bnc#907764,CVE-2014-8104),\n\n", "edition": 1, "modified": "2014-12-08T17:06:53", "published": "2014-12-08T17:06:53", "id": "OPENSUSE-SU-2014:1594-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00008.html", "type": "suse", "title": "Security update for openvpn (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:43", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8104"], "description": "This update fixes a critical denial of service vulnerability in OpenVPN:\n\n * CVE-2014-8104: Critical denial of service vulnerability in OpenVPN\n servers that can be triggered by authenticated attackers.\n\n Also an incompatibility with OpenVPN and OpenSSL in FIPS mode has been\n fixed. (bnc#895882)\n\n Security Issues:\n\n * CVE-2014-8104\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8104\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8104</a>>\n\n", "edition": 1, "modified": "2014-12-09T01:04:46", "published": "2014-12-09T01:04:46", "id": "SUSE-SU-2014:1605-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00010.html", "title": "Security update for OpenVPN (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:36:35", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8104"], "description": "A remote denial of service attack against openvpn was fixed, where a\n authenticated client cloud stop the server by triggering a server-side\n ASSERT (CVE-2014-8104),\n\n", "edition": 1, "modified": "2014-12-23T20:04:48", "published": "2014-12-23T20:04:48", "id": "SUSE-SU-2014:1694-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00028.html", "type": "suse", "title": "Security update for openvpn (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:22", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8104"], "description": "\nThe OpenVPN project reports:\n\nIn late November 2014 Dragana Damjanovic notified OpenVPN\n\t developers of a critical denial of service security vulnerability\n\t (CVE-2014-8104). The vulnerability allows an tls-authenticated\n\t client to crash the server by sending a too-short control channel\n\t packet to the server. In other words this vulnerability is denial\n\t of service only.\n\n", "edition": 4, "modified": "2014-12-01T00:00:00", "published": "2014-12-01T00:00:00", "id": "23AB5C3E-79C3-11E4-8B1E-D050992ECDE8", "href": "https://vuxml.freebsd.org/freebsd/23ab5c3e-79c3-11e4-8b1e-d050992ecde8.html", "title": "OpenVPN -- denial of service security vulnerability", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:48", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8104"], "description": "It was discovered that an authenticated client could trigger an ASSERT()\nin OpenVPN by sending a too-short control channel packet to the server.\nThis could cause the OpenVPN server to crash and deny access to the VPN\nto other legitimate users.", "modified": "2014-12-02T00:00:00", "published": "2014-12-02T00:00:00", "id": "ASA-201412-2", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html", "type": "archlinux", "title": "openvpn: denial of service", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "cvelist": ["CVE-2014-8104"], "description": "DoS after authentication via control characters.", "edition": 1, "modified": "2014-12-02T00:00:00", "published": "2014-12-02T00:00:00", "id": "SECURITYVULNS:VULN:14134", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14134", "title": "OpenVPN DoS", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:56", "bulletinFamily": "software", "cvelist": ["CVE-2014-8104"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2430-1\r\nDecember 02, 2014\r\n\r\nopenvpn vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.10\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nOpenVPN could be made to crash if it received specially crafted network\r\ntraffic.\r\n\r\nSoftware Description:\r\n- openvpn: virtual private network software\r\n\r\nDetails:\r\n\r\nDragana Damjanovic discovered that OpenVPN incorrectly handled certain\r\ncontrol channel packets. An authenticated attacker could use this issue to\r\ncause an OpenVPN server to crash, resulting in a denial of service.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.10:\r\n openvpn 2.3.2-9ubuntu1.1\r\n\r\nUbuntu 14.04 LTS:\r\n openvpn 2.3.2-7ubuntu3.1\r\n\r\nUbuntu 12.04 LTS:\r\n openvpn 2.2.1-8ubuntu1.4\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2430-1\r\n CVE-2014-8104\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/openvpn/2.3.2-9ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/openvpn/2.3.2-7ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/openvpn/2.2.1-8ubuntu1.4\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2014-12-02T00:00:00", "published": "2014-12-02T00:00:00", "id": "SECURITYVULNS:DOC:31474", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31474", "title": "[USN-2430-1] OpenVPN vulnerability", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:23:03", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8104"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3084-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nDecember 01, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openvpn\nCVE ID : CVE-2014-8104\n\nDragana Damjanovic discovered that an authenticated client could crash\nan OpenVPN server by sending a control packet containing less than\nfour bytes as payload.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.2.1-8+deb7u3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.3.4-5.\n\nWe recommend that you upgrade your openvpn packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "modified": "2014-12-01T20:28:04", "published": "2014-12-01T20:28:04", "id": "DEBIAN:DSA-3084-1:C9282", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00274.html", "title": "[SECURITY] [DSA 3084-1] openvpn security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-30T02:22:32", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8104"], "description": "Package : openvpn\nVersion : 2.1.3-2+squeeze3\nCVE ID : CVE-2014-8104\n\nDragana Damjanovic discovered that an authenticated client could crash\nan OpenVPN server by sending a control packet containing less than\nfour bytes as payload.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.1.3-2+squeeze3 in squeeze-lts.\n\nWe recommend that you upgrade your openvpn packages.\n\n", "edition": 2, "modified": "2014-12-02T21:35:58", "published": "2014-12-02T21:35:58", "id": "DEBIAN:DLA-98-1:63AE5", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201412/msg00000.html", "title": "[SECURITY] [DLA 98-1] openvpn security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:36:20", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8104"], "description": "**Issue Overview:**\n\nOpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.\n\n \n**Affected Packages:** \n\n\nopenvpn\n\n \n**Issue Correction:** \nRun _yum update openvpn_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n openvpn-debuginfo-2.3.6-1.12.amzn1.i686 \n openvpn-2.3.6-1.12.amzn1.i686 \n \n src: \n openvpn-2.3.6-1.12.amzn1.src \n \n x86_64: \n openvpn-debuginfo-2.3.6-1.12.amzn1.x86_64 \n openvpn-2.3.6-1.12.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2014-12-10T13:25:00", "published": "2014-12-10T13:25:00", "id": "ALAS-2014-459", "href": "https://alas.aws.amazon.com/ALAS-2014-459.html", "title": "Medium: openvpn", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:19", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8104"], "description": "### Background\n\nOpenVPN is a multi-platform, full-featured SSL VPN solution.\n\n### Description\n\nOpenVPN does not properly handle control channel packets that are too small. \n\n### Impact\n\nA remote authenticated attacker could send a specially crafted control channel packet, possibly resulting in a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenVPN users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/openvpn-2.3.6\"", "edition": 1, "modified": "2014-12-26T00:00:00", "published": "2014-12-26T00:00:00", "id": "GLSA-201412-41", "href": "https://security.gentoo.org/glsa/201412-41", "type": "gentoo", "title": "OpenVPN: Denial of Service", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8104"], "description": "OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for compression. ", "modified": "2014-12-13T09:43:06", "published": "2014-12-13T09:43:06", "id": "FEDORA:6D9C260CA22B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: openvpn-2.3.6-1.fc20", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8104"], "description": "OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for compression. ", "modified": "2014-12-12T04:14:16", "published": "2014-12-12T04:14:16", "id": "FEDORA:3CFB860BC98F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: openvpn-2.3.6-1.fc21", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8104"], "description": "pkcs11-helper is a library that simplifies the interaction with PKCS#11 providers for end-user applications using a simple API and optional OpenSSL engine. The library allows using multiple PKCS#11 providers at the same tim e, enumerating available token certificates, or selecting a certificate direct ly by serialized id, handling card removal and card insert events, handling ca rd re-insert to a different slot, supporting session expiration and much more all using a simple API. ", "modified": "2014-12-13T09:38:24", "published": "2014-12-13T09:38:24", "id": "FEDORA:3E7766087647", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: pkcs11-helper-1.11-3.fc19", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8104"], "description": "pkcs11-helper is a library that simplifies the interaction with PKCS#11 providers for end-user applications using a simple API and optional OpenSSL engine. The library allows using multiple PKCS#11 providers at the same tim e, enumerating available token certificates, or selecting a certificate direct ly by serialized id, handling card removal and card insert events, handling ca rd re-insert to a different slot, supporting session expiration and much more all using a simple API. ", "modified": "2014-12-13T09:43:05", "published": "2014-12-13T09:43:05", "id": "FEDORA:36D6460BC2C2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: pkcs11-helper-1.11-3.fc20", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8104"], "description": "OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for compression. ", "modified": "2014-12-13T09:38:25", "published": "2014-12-13T09:38:25", "id": "FEDORA:67548608776B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: openvpn-2.3.6-1.fc19", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2021-01-01T04:33:12", "description": "According to its self-reported version number, the version of OpenVPN\ninstalled on the remote host is affected by an error related to\n'Control Channel Packet' handling and TLS-authenticated clients that\ncould allow denial of service attacks.", "edition": 25, "published": "2014-12-05T00:00:00", "title": "OpenVPN 2.x < 2.2.3 / 2.3.6 Control Channel Packet Handling DoS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8104"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:openvpn:openvpn"], "id": "OPENVPN_2_3_6.NASL", "href": "https://www.tenable.com/plugins/nessus/79746", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79746);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2014-8104\");\n script_bugtraq_id(71402);\n\n script_name(english:\"OpenVPN 2.x < 2.2.3 / 2.3.6 Control Channel Packet Handling DoS\");\n script_summary(english:\"Checks the OpenVPN version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application on the remote host is affected by a denial of service\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the version of OpenVPN\ninstalled on the remote host is affected by an error related to\n'Control Channel Packet' handling and TLS-authenticated clients that\ncould allow denial of service attacks.\");\n # https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5f3c40e7\");\n # https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.6\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?30efbb49\");\n # https://openvpn.net/community-resources/changelog-for-openvpn-2-0/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6534e9a2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenVPN 2.2.3 / 2.3.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openvpn:openvpn\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openvpn_installed.nbin\");\n script_require_keys(\"installed_sw/OpenVPN\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"OpenVPN\";\n\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\nversion = install['version'];\npath = install['path'];\n\nif (version =~ \"^2(\\.[23])?$\") audit(AUDIT_VER_NOT_GRANULAR, \"OpenVPN\", version);\nif (version !~ \"^2\\.[0-3][^0-9]\") audit(AUDIT_NOT_INST, \"OpenVPN 2.0.x - 2.3.x\");\n\n# Only check and report < 2.3.x if paranoid scan\nif (\n (\n report_paranoia > 1\n &&\n (\n # < 2.x\n version =~ \"^[0-1]($|[^0-9])\" ||\n # 2.0.x / 2.1.x (including alpha/beta/RC)\n version =~ \"^2\\.[01]($|[^0-9])\" ||\n # 2.2.x < 2.2.3\n version =~ \"^2\\.2-(alpha|beta|RC)(\\d+)?($|[^0-9])\" ||\n version =~ \"^2\\.2\\.[0-2]($|[^0-9])\"\n )\n )\n ||\n # 2.3.x < 2.3.6\n version =~ \"^2\\.3\\.[0-5]($|[^0-9])\"\n)\n{\n port = get_kb_item('SMB/transport');\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report = '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 2.3.6 / 2.2.3' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"OpenVPN\", version, path);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:12:21", "description": "Fix for CVE-2014-8104.\n\nhttps://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e\n732b\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2014-12-15T00:00:00", "title": "Fedora 20 : openvpn-2.3.6-1.fc20 / pkcs11-helper-1.11-3.fc20 (2014-16273)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8104"], "modified": "2014-12-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:pkcs11-helper", "p-cpe:/a:fedoraproject:fedora:openvpn"], "id": "FEDORA_2014-16273.NASL", "href": "https://www.tenable.com/plugins/nessus/79930", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16273.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79930);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8104\");\n script_xref(name:\"FEDORA\", value:\"2014-16273\");\n\n script_name(english:\"Fedora 20 : openvpn-2.3.6-1.fc20 / pkcs11-helper-1.11-3.fc20 (2014-16273)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2014-8104.\n\nhttps://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e\n732b\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1169487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1169488\"\n );\n # https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5f3c40e7\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146072.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f4eef1da\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146073.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f083f509\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openvpn and / or pkcs11-helper packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openvpn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pkcs11-helper\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"openvpn-2.3.6-1.fc20\")) flag++;\nif (rpm_check(release:\"FC20\", reference:\"pkcs11-helper-1.11-3.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openvpn / pkcs11-helper\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T11:51:45", "description": "Updated openvpn packages fix security vulnerability :\n\nDragana Damjanovic discovered that OpenVPN incorrectly handled certain\ncontrol channel packets. An authenticated attacker could use this\nissue to cause an OpenVPN server to crash, resulting in a denial of\nservice (CVE-2014-8104).", "edition": 24, "published": "2015-03-30T00:00:00", "title": "Mandriva Linux Security Advisory : openvpn (MDVSA-2015:139)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8104"], "modified": "2015-03-30T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:2", "p-cpe:/a:mandriva:linux:openvpn", "p-cpe:/a:mandriva:linux:lib64openvpn-devel"], "id": "MANDRIVA_MDVSA-2015-139.NASL", "href": "https://www.tenable.com/plugins/nessus/82392", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:139. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82392);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-8104\");\n script_xref(name:\"MDVSA\", value:\"2015:139\");\n\n script_name(english:\"Mandriva Linux Security Advisory : openvpn (MDVSA-2015:139)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openvpn packages fix security vulnerability :\n\nDragana Damjanovic discovered that OpenVPN incorrectly handled certain\ncontrol channel packets. An authenticated attacker could use this\nissue to cause an OpenVPN server to crash, resulting in a denial of\nservice (CVE-2014-8104).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0512.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lib64openvpn-devel and / or openvpn packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openvpn-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openvpn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64openvpn-devel-2.3.2-10.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"openvpn-2.3.2-10.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T14:41:47", "description": "This update fixes a critical denial of service vulnerability in\nOpenVPN :\n\n - Critical denial of service vulnerability in OpenVPN\n servers that can be triggered by authenticated\n attackers. Also an incompatibility with OpenVPN and\n OpenSSL in FIPS mode has been fixed. (bnc#895882).\n (CVE-2014-8104)", "edition": 17, "published": "2014-12-09T00:00:00", "title": "SuSE 11.3 Security Update : OpenVPN (SAT Patch Number 10061)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8104"], "modified": "2014-12-09T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:openvpn", "p-cpe:/a:novell:suse_linux:11:openvpn-auth-pam-plugin"], "id": "SUSE_11_OPENVPN-141203.NASL", "href": "https://www.tenable.com/plugins/nessus/79822", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79822);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8104\");\n\n script_name(english:\"SuSE 11.3 Security Update : OpenVPN (SAT Patch Number 10061)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a critical denial of service vulnerability in\nOpenVPN :\n\n - Critical denial of service vulnerability in OpenVPN\n servers that can be triggered by authenticated\n attackers. Also an incompatibility with OpenVPN and\n OpenSSL in FIPS mode has been fixed. (bnc#895882).\n (CVE-2014-8104)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=895882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=907764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-8104.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10061.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openvpn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openvpn-auth-pam-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"openvpn-2.0.9-143.44.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"openvpn-2.0.9-143.44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"openvpn-2.0.9-143.44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"openvpn-auth-pam-plugin-2.0.9-143.44.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T14:43:51", "description": "A remote denial of service attack against openvpn was fixed, where a\nauthenticated client cloud stop the server by triggering a server-side\nASSERT (CVE-2014-8104),\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "published": "2015-05-20T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : openvpn (SUSE-SU-2014:1694-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8104"], "modified": "2015-05-20T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:openvpn-debugsource", "p-cpe:/a:novell:suse_linux:openvpn-auth-pam-plugin", "p-cpe:/a:novell:suse_linux:openvpn-debuginfo", "p-cpe:/a:novell:suse_linux:openvpn", "p-cpe:/a:novell:suse_linux:openvpn-auth-pam-plugin-debuginfo"], "id": "SUSE_SU-2014-1694-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83652", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2014:1694-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83652);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8104\");\n script_bugtraq_id(71402);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openvpn (SUSE-SU-2014:1694-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A remote denial of service attack against openvpn was fixed, where a\nauthenticated client cloud stop the server by triggering a server-side\nASSERT (CVE-2014-8104),\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8104/\"\n );\n # https://www.suse.com/support/update/announcement/2014/suse-su-20141694-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?44845893\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2014-120\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2014-120\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openvpn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openvpn-auth-pam-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openvpn-auth-pam-plugin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openvpn-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openvpn-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openvpn-2.3.2-11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openvpn-auth-pam-plugin-2.3.2-11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openvpn-auth-pam-plugin-debuginfo-2.3.2-11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openvpn-debuginfo-2.3.2-11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openvpn-debugsource-2.3.2-11.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openvpn-2.3.2-11.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openvpn-debuginfo-2.3.2-11.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openvpn-debugsource-2.3.2-11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openvpn\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T11:54:49", "description": "Updated openvpn packages fix security vulnerability :\n\nDragana Damjanovic discovered that OpenVPN incorrectly handled certain\ncontrol channel packets. An authenticated attacker could use this\nissue to cause an OpenVPN server to crash, resulting in a denial of\nservice (CVE-2014-8104).\n\nThe openvpn packages has been updated to the 2.3.2 version and patched\nto correct this issue.", "edition": 24, "published": "2014-12-15T00:00:00", "title": "Mandriva Linux Security Advisory : openvpn (MDVSA-2014:246)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8104"], "modified": "2014-12-15T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:openvpn", "p-cpe:/a:mandriva:linux:lib64openvpn-devel"], "id": "MANDRIVA_MDVSA-2014-246.NASL", "href": "https://www.tenable.com/plugins/nessus/79991", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:246. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79991);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-8104\");\n script_bugtraq_id(71402);\n script_xref(name:\"MDVSA\", value:\"2014:246\");\n\n script_name(english:\"Mandriva Linux Security Advisory : openvpn (MDVSA-2014:246)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openvpn packages fix security vulnerability :\n\nDragana Damjanovic discovered that OpenVPN incorrectly handled certain\ncontrol channel packets. An authenticated attacker could use this\nissue to cause an OpenVPN server to crash, resulting in a denial of\nservice (CVE-2014-8104).\n\nThe openvpn packages has been updated to the 2.3.2 version and patched\nto correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0512.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lib64openvpn-devel and / or openvpn packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openvpn-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openvpn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64openvpn-devel-2.3.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"openvpn-2.3.2-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T10:56:46", "description": "The remote host is affected by the vulnerability described in GLSA-201412-41\n(OpenVPN: Denial of Service)\n\n OpenVPN does not properly handle control channel packets that are too\n small.\n \nImpact :\n\n A remote authenticated attacker could send a specially crafted control\n channel packet, possibly resulting in a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 20, "published": "2014-12-29T00:00:00", "title": "GLSA-201412-41 : OpenVPN: Denial of Service", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8104"], "modified": "2014-12-29T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:openvpn"], "id": "GENTOO_GLSA-201412-41.NASL", "href": "https://www.tenable.com/plugins/nessus/80262", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-41.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80262);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-8104\");\n script_bugtraq_id(71402);\n script_xref(name:\"GLSA\", value:\"201412-41\");\n\n script_name(english:\"GLSA-201412-41 : OpenVPN: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-41\n(OpenVPN: Denial of Service)\n\n OpenVPN does not properly handle control channel packets that are too\n small.\n \nImpact :\n\n A remote authenticated attacker could send a specially crafted control\n channel packet, possibly resulting in a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-41\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenVPN users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/openvpn-2.3.6'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openvpn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/openvpn\", unaffected:make_list(\"ge 2.3.6\"), vulnerable:make_list(\"lt 2.3.6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenVPN\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T10:40:39", "description": "The OpenVPN project reports :\n\nIn late November 2014 Dragana Damjanovic notified OpenVPN developers\nof a critical denial of service security vulnerability\n(CVE-2014-8104). The vulnerability allows an tls-authenticated client\nto crash the server by sending a too-short control channel packet to\nthe server. In other words this vulnerability is denial of service\nonly.", "edition": 21, "published": "2014-12-02T00:00:00", "title": "FreeBSD : OpenVPN -- denial of service security vulnerability (23ab5c3e-79c3-11e4-8b1e-d050992ecde8)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8104"], "modified": "2014-12-02T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:openvpn"], "id": "FREEBSD_PKG_23AB5C3E79C311E48B1ED050992ECDE8.NASL", "href": "https://www.tenable.com/plugins/nessus/79656", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79656);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-8104\");\n\n script_name(english:\"FreeBSD : OpenVPN -- denial of service security vulnerability (23ab5c3e-79c3-11e4-8b1e-d050992ecde8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The OpenVPN project reports :\n\nIn late November 2014 Dragana Damjanovic notified OpenVPN developers\nof a critical denial of service security vulnerability\n(CVE-2014-8104). The vulnerability allows an tls-authenticated client\nto crash the server by sending a too-short control channel packet to\nthe server. In other words this vulnerability is denial of service\nonly.\"\n );\n # https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5f3c40e7\"\n );\n # https://vuxml.freebsd.org/freebsd/23ab5c3e-79c3-11e4-8b1e-d050992ecde8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?23b144ca\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openvpn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openvpn<2.0.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openvpn>=2.1.0<2.2.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openvpn>=2.3.0<2.3.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T09:48:51", "description": "Dragana Damjanovic discovered that an authenticated client could crash\nan OpenVPN server by sending a control packet containing less than\nfour bytes as payload.", "edition": 14, "published": "2014-12-03T00:00:00", "title": "Debian DSA-3084-1 : openvpn - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8104"], "modified": "2014-12-03T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openvpn", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3084.NASL", "href": "https://www.tenable.com/plugins/nessus/79669", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3084. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79669);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8104\");\n script_xref(name:\"DSA\", value:\"3084\");\n\n script_name(english:\"Debian DSA-3084-1 : openvpn - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dragana Damjanovic discovered that an authenticated client could crash\nan OpenVPN server by sending a control packet containing less than\nfour bytes as payload.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/openvpn\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3084\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openvpn packages.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.2.1-8+deb7u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openvpn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"openvpn\", reference:\"2.2.1-8+deb7u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T09:44:32", "description": "Dragana Damjanovic discovered that an authenticated client could crash\nan OpenVPN server by sending a control packet containing less than\nfour bytes as payload.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 2.1.3-2+squeeze3 in squeeze-lts.\n\nWe recommend that you upgrade your openvpn packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 13, "published": "2015-03-26T00:00:00", "title": "Debian DLA-98-1 : openvpn security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8104"], "modified": "2015-03-26T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:openvpn"], "id": "DEBIAN_DLA-98.NASL", "href": "https://www.tenable.com/plugins/nessus/82243", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-98-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82243);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8104\");\n script_bugtraq_id(71402);\n\n script_name(english:\"Debian DLA-98-1 : openvpn security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dragana Damjanovic discovered that an authenticated client could crash\nan OpenVPN server by sending a control packet containing less than\nfour bytes as payload.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 2.1.3-2+squeeze3 in squeeze-lts.\n\nWe recommend that you upgrade your openvpn packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/12/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/openvpn\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected openvpn package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openvpn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"openvpn\", reference:\"2.1.3-2+squeeze3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}]}