CVE-2017-12166
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution...
DEBIAN-CVE-2017-12166
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution...
CVE-2017-12166
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution...
Buffer overflow
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution...
UBUNTU-CVE-2017-12166
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution...
CVE-2017-12166
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution...
CVE-2017-12166
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution...
CVE-2017-12166
CVE-2017-12166 affects OpenVPN prior to 2.3.3 and prior to 2.4.4, due to a buffer overflow in the read_key/key-method handling (read_key() stack-based overflow reported by security advisories). Exploitation could lead to remote code execution. Remediation across tracked disclosures: upgrade to Op...
Fedora 26 : openvpn (2017-700915e34f)
Maintenance release with several minor upstream bugfixes and a security fix related to legacy configurations deploying the deprecated key-method 1 configuration option (CVE-2017-12166). From this update on, OpenVPN will use the lz4 compression library from Fedora instead of the upstream bundled...
[SECURITY] Fedora 26 Update: openvpn-2.4.4-1.fc26
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for...
FreeBSD : OpenVPN -- out-of-bounds write in legacy key-method 1 (3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8)
Steffan Karger reports: The bounds check in read_key was performed after using the value, instead of before. If 'key-method 1' is used, this allowed an attacker to send a malformed packet to trigger a stack-based buffer overflow. ... Note that 'key-method 1' has been replaced by 'key method 2' as...
[ASA-201709-21] openvpn: arbitrary code execution
Arch Linux Security Advisory ASA-201709-21. Severity: Medium; Date: 2017-09-28; CVE-ID: CVE-2017-12166; Package: openvpn; Type: arbitrary code execution; Remote: Yes; Link: https://security.archlinux.org/AVG-420. Summary: The package openvpn before...
OpenVPN -- out-of-bounds write in legacy key-method 1
Steffan Karger reports: The bounds check in read_key was performed after using the value, instead of before. If 'key-method 1' is used, this allowed an attacker to send a malformed packet to trigger a stack buffer overflow. ... Note that 'key-method 1' has been replaced by 'key method 2' as the...
Crowbar - Brute Forcing Tool (SSH, OpenVPN, RDP, VNC)
Crowbar (formerly known as Levye) is a brute forcing tool that can be used during penetration tests. It was developed to brute force some protocols in a different manner according to other popular brute forcing tools. As an example, while most brute forcing tools use username and password for SSH...
RHEL 6 : Red Hat JBoss Core Services (RHSA-2017:2710)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2710 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services security update
An update is now available for JBoss Core Services on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services security update
An update is now available for JBoss Core Services on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services security update
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...
BSA-2017-380
Security Advisory ID: BSA-2017-380. Component: OpenVPN. Revision: 1.0: Interim. OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension. Affected Products: Brocade is...
BSA-2017-378
Security Advisory ID: BSA-2017-378. Component: OpenVPN. Revision: 1.0: Interim. OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. Affected Products: Brocade is investigating its product lines to determine which products...