Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-851-1
HistoryOct 09, 2005 - 12:00 a.m.

openvpn - denial of service

2005-10-0900:00:00
Google
osv.dev
13

EPSS

0.034

Percentile

91.4%

JSON

Several security related problems have been discovered in openvpn, a
Virtual Private Network daemon. The Common Vulnerabilities and
Exposures project identifies the following problems:

  • CAN-2005-2531
    Wrong processing of failed certificate authentication when running
    with “verb 0” and without TLS authentication can lead to a denial
    of service by disconnecting the wrong client.
  • CAN-2005-2532
    Wrong handling of packets that can’t be decrypted on the server
    can lead to the disconnection of unrelated clients.
  • CAN-2005-2533
    When running in “dev tap” Ethernet bridging mode, openvpn can
    exhaust its memory by receiving a large number of spoofed MAC
    addresses and hence denying service.
  • CAN-2005-2534
    Simultaneous TCP connections from multiple clients with the same
    client certificate can cause a denial of service when
    --duplicate-cn is not enabled.

The old stable distribution (woody) does not contain openvpn packages.

For the stable distribution (sarge) these problems have been fixed in
version 2.0-1sarge1.

For the unstable distribution (sid) these problems have been fixed in
version 2.0.2-1.

We recommend that you upgrade your openvpn package.

Related

nessus 6
altlinux 1
openvas 10
debian 2
nvd 4
cve 4
freebsd 4
cvelist 4
debiancve 4
ubuntucve 4
nessus
nessus
OpenVPN < 2.0.1 Multiple Vulnerabilities (Windows)
2019-05-17 00:00:00
Debian DSA-851-1 : openvpn - programming errors
2005-10-11 00:00:00
FreeBSD : openvpn -- denial of service: malicious authenticated 'tap' client can deplete server virtual memory (1986449a-8b74-40fa-b7cc-0d8def8aad65)
2006-05-13 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openvpn version 2.0.2-alt1
2005-08-25 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-851-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 851-1 (openvpn)
2008-01-17 00:00:00
FreeBSD Ports: openvpn
2008-09-04 00:00:00
debian
debian
[SECURITY] [DSA 851-1] New openvpn packages fix denial of service
2005-10-09 07:14:49
[SECURITY] [DSA 851-1] New openvpn packages fix denial of service
2005-10-09 07:14:49
nvd
nvd
CVE-2005-2533
2005-08-24 04:00:00
CVE-2005-2534
2005-08-24 04:00:00
CVE-2005-2532
2005-08-24 04:00:00
cve
cve
CVE-2005-2533
2005-08-24 04:00:00
CVE-2005-2534
2005-08-24 04:00:00
CVE-2005-2532
2005-08-24 04:00:00
freebsd
freebsd
openvpn -- denial of service: malicious authenticated "tap" client can deplete server virtual memory
2005-07-27 00:00:00
openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients
2005-07-27 00:00:00
openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server
2005-08-03 00:00:00
cvelist
cvelist
CVE-2005-2533
2005-08-24 04:00:00
CVE-2005-2534
2005-08-24 04:00:00
CVE-2005-2532
2005-08-24 04:00:00
debiancve
debiancve
CVE-2005-2533
2005-08-24 04:00:00
CVE-2005-2534
2005-08-24 04:00:00
CVE-2005-2532
2005-08-24 04:00:00
ubuntucve
ubuntucve
CVE-2005-2533
2005-08-24 00:00:00
CVE-2005-2534
2005-08-24 00:00:00
CVE-2005-2532
2005-08-24 00:00:00

EPSS

0.034

Percentile

91.4%

JSON
Related for OSV:DSA-851-1
nessus6altlinux1openvas10debian2nvd4cve4freebsd4cvelist4debiancve4ubuntucve4