Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-3339-1.NASL
HistoryJun 23, 2017 - 12:00 a.m.

Ubuntu 14.04 LTS / 16.04 LTS : OpenVPN vulnerabilities (USN-3339-1)

2017-06-2300:00:00
Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28
JSON

Karthikeyan Bhargavan and Gaetan Leurent discovered that 64-bit block ciphers are vulnerable to a birthday attack. A remote attacker could possibly use this issue to recover cleartext data. Fixing this issue requires a configuration change to switch to a different cipher. This update adds a warning to the log file when a 64-bit block cipher is in use. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6329)

It was discovered that OpenVPN incorrectly handled rollover of packet ids. An authenticated remote attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.
(CVE-2017-7479)

Guido Vranken discovered that OpenVPN incorrectly handled certain malformed IPv6 packets. A remote attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service.
(CVE-2017-7508)

Guido Vranken discovered that OpenVPN incorrectly handled memory. A remote attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. (CVE-2017-7512)

Guido Vranken discovered that OpenVPN incorrectly handled an HTTP proxy with NTLM authentication. A remote attacker could use this issue to cause OpenVPN clients to crash, resulting in a denial of service, or possibly expose sensitive memory contents. (CVE-2017-7520)

Guido Vranken discovered that OpenVPN incorrectly handled certain x509 extensions. A remote attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. (CVE-2017-7521).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3339-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(101024);
  script_version("3.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id(
    "CVE-2016-6329",
    "CVE-2017-7479",
    "CVE-2017-7508",
    "CVE-2017-7512",
    "CVE-2017-7520",
    "CVE-2017-7521"
  );
  script_xref(name:"USN", value:"3339-1");
  script_xref(name:"CEA-ID", value:"CEA-2019-0547");

  script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS : OpenVPN vulnerabilities (USN-3339-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"Karthikeyan Bhargavan and Gaetan Leurent discovered that 64-bit block
ciphers are vulnerable to a birthday attack. A remote attacker could
possibly use this issue to recover cleartext data. Fixing this issue
requires a configuration change to switch to a different cipher. This
update adds a warning to the log file when a 64-bit block cipher is in
use. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and
Ubuntu 16.10. (CVE-2016-6329)

It was discovered that OpenVPN incorrectly handled rollover of packet
ids. An authenticated remote attacker could use this issue to cause
OpenVPN to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.
(CVE-2017-7479)

Guido Vranken discovered that OpenVPN incorrectly handled certain
malformed IPv6 packets. A remote attacker could use this issue to
cause OpenVPN to crash, resulting in a denial of service.
(CVE-2017-7508)

Guido Vranken discovered that OpenVPN incorrectly handled memory. A
remote attacker could use this issue to cause OpenVPN to crash,
resulting in a denial of service. (CVE-2017-7512)

Guido Vranken discovered that OpenVPN incorrectly handled an HTTP
proxy with NTLM authentication. A remote attacker could use this issue
to cause OpenVPN clients to crash, resulting in a denial of service,
or possibly expose sensitive memory contents. (CVE-2017-7520)

Guido Vranken discovered that OpenVPN incorrectly handled certain x509
extensions. A remote attacker could use this issue to cause OpenVPN to
crash, resulting in a denial of service. (CVE-2017-7521).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-3339-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected openvpn package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7512");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/06/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openvpn");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release || '16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '14.04', 'pkgname': 'openvpn', 'pkgver': '2.3.2-7ubuntu3.2'},
    {'osver': '16.04', 'pkgname': 'openvpn', 'pkgver': '2.3.10-1ubuntu2.1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openvpn');
}
VendorProductVersionCPE
canonicalubuntu_linuxopenvpnp-cpe:/a:canonical:ubuntu_linux:openvpn
canonicalubuntu_linux14.04cpe:/o:canonical:ubuntu_linux:14.04:-:lts
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:lts

Related

ubuntu 3
openvas 27
mageia 3
nessus 30
debian 6
archlinux 2
slackware 1
suse 6
fedora 9
freebsd 2
osv 8
f5 4
redhatcve 5
amazon 2
hackerone 1
thn 1
altlinux 2
prion 6
cve 6
ubuntucve 6
veracode 2
debiancve 5
alpinelinux 1
gentoo 1
threatpost 2
ibm 6
symantec 1
fortinet 1
ics 1
redhat 1
kitploit 1
ubuntu
ubuntu
OpenVPN vulnerabilities
2017-06-22 00:00:00
OpenVPN vulnerability
2017-08-07 00:00:00
OpenVPN vulnerabilities
2017-05-11 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3339-1)
2017-06-23 00:00:00
Debian Security Advisory DSA 3900-1 (openvpn - security update)
2017-06-27 00:00:00
Debian: Security Advisory (DSA-3900-1)
2017-06-26 00:00:00
mageia
mageia
Updated openvpn packages fix security vulnerabilities
2017-07-28 21:12:15
Updated openvpn packages fix security vulnerability
2016-09-16 12:27:13
Updated openvpn packages fix security vulnerability
2017-06-02 00:25:58
nessus
nessus
Debian DSA-3900-1 : openvpn - security update
2017-06-28 00:00:00
openSUSE Security Update : openvpn (openSUSE-2017-730)
2017-06-30 00:00:00
Fedora 25 : openvpn (2017-0639fb1490)
2017-06-26 00:00:00
debian
debian
[SECURITY] [DSA 3900-1] openvpn security update
2017-06-27 19:51:56
[SECURITY] [DSA 3900-1] openvpn security update
2017-06-27 19:51:56
[BSA-116] Security Update for openvpn
2017-07-05 07:52:52
archlinux
archlinux
[ASA-201706-27] openvpn: multiple issues
2017-06-22 00:00:00
[ASA-201705-16] openvpn: denial of service
2017-05-13 00:00:00
slackware
slackware
[slackware-security] openvpn
2017-06-21 18:40:28
suse
suse
Security update for openvpn-openssl1 (important)
2017-06-29 18:12:39
Security update for openvpn (important)
2017-06-26 15:16:30
Security update for openvpn (important)
2017-06-21 18:11:05
fedora
fedora
[SECURITY] Fedora 25 Update: openvpn-2.4.3-1.fc25
2017-06-23 20:54:35
[SECURITY] Fedora 26 Update: openvpn-2.4.3-1.fc26
2017-06-24 03:09:57
[SECURITY] Fedora 24 Update: openvpn-2.3.17-1.fc24
2017-06-30 20:51:03
freebsd
freebsd
OpenVPN -- several vulnerabilities
2017-05-19 00:00:00
OpenVPN -- two remote denial-of-service vulnerabilities
2017-05-10 00:00:00
osv
osv
openvpn - security update
2017-06-27 00:00:00
CVE-2017-7508
2017-06-27 13:29:00
CVE-2017-7479
2017-05-15 18:29:00
f5
f5
K63104801 : OpenVPN vulnerabilities CVE-2017-7508, CVE-2017-7520, CVE-2017-7521, and CVE-2017-7522
2017-08-03 00:00:00
K30315990 : OpenVPN vulnerability CVE-2016-6329
2016-09-12 00:00:00
SOL30315990 - OpenVPN vulnerability CVE-2016-6329
2016-09-12 00:00:00
redhatcve
redhatcve
CVE-2017-7508
2017-06-23 07:23:28
CVE-2017-7521
2017-06-23 07:23:00
CVE-2017-7520
2017-06-23 07:23:15
amazon
amazon
Important: openvpn
2017-06-27 17:47:00
Medium: openvpn
2016-09-27 10:30:00
hackerone
hackerone
Internet Bug Bounty: 4 severe remote + several minor OpenVPN vulnerabilities
2017-06-23 10:58:19
thn
thn
Critical RCE Flaw Found in OpenVPN that Escaped Two Recent Security Audits
2017-06-21 21:08:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openvpn version June
2017-06-21 00:00:00
Security fix for the ALT Linux 9 package openvpn version 2.4.2-alt1
2017-05-14 00:00:00
prion
prion
Authentication flaw
2017-07-07 22:29:00
Denial of service
2017-06-27 13:29:00
Authentication flaw
2017-05-15 18:29:00
cve
cve
CVE-2017-7512
2017-07-07 22:29:00
CVE-2017-7508
2017-06-27 13:29:00
CVE-2017-7479
2017-05-15 18:29:00
ubuntucve
ubuntucve
CVE-2017-7512
2017-06-21 00:00:00
CVE-2017-7508
2017-06-21 00:00:00
CVE-2017-7479
2017-05-11 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-09-21 06:29:14
Sweet32 Attack
2020-09-21 06:32:55
debiancve
debiancve
CVE-2017-7508
2017-06-27 13:29:00
CVE-2017-7479
2017-05-15 18:29:00
CVE-2016-6329
2017-01-31 22:59:00
alpinelinux
alpinelinux
CVE-2017-7479
2017-05-15 18:29:00
gentoo
gentoo
OpenVPN: Multiple vulnerabilities
2016-11-01 00:00:00
threatpost
threatpost
OpenVPN Patches Critical Remote Code Execution Vulnerability
2017-06-21 11:14:36
OpenVPN Audits Yield Mixed Bag
2017-05-15 17:12:09
ibm
ibm
Security Bulletin: IBM b-type Network/Storage switches are affected by Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN (openssl ,redhat,openVPN) vulnerabilities.
2018-10-01 21:25:01
Security Bulletin: IBM Cisco Switches and Directors vulnerable to Sweet32 Birthday attacks (CVE-2016-2183 CVE-2016-6329).
2022-04-11 15:07:09
Security Bulletin: OpenSSL and OpenVPN vulnerabilities affect IBM Rational Team Concert (CVE-2016-2183, CVE-2016-6329)
2018-06-17 05:16:31
symantec
symantec
SA133 : Sweet32 Birthday Attack against DES, 3DES, and Blowfish
2016-12-22 08:00:00
fortinet
fortinet
Protect
2019-02-07 00:00:00
ics
ics
Siemens SIMATIC RF6XXR
2019-07-11 12:00:00
redhat
redhat
(RHSA-2017:1712) Important: Red Hat 3scale API Management Platform 2.0.0 security update
2017-07-06 17:04:26
kitploit
kitploit
CATSploit - An Automated Penetration Testing Tool Using Cyber Attack Techniques Scoring
2024-01-08 11:30:00
JSON
Related for UBUNTU_USN-3339-1.NASL
ubuntu3openvas27mageia3nessus30debian6archlinux2slackware1suse6fedora9freebsd2osv8f54redhatcve5amazon2hackerone1thn1altlinux2prion6cve6ubuntucve6veracode2debiancve5alpinelinux1gentoo1threatpost2ibm6symantec1fortinet1ics1redhat1kitploit1