Updated openvpn packages fix security vulnerability
It was discovered that OpenVPN improperly triggered an assert when receiving an oversized control packet in some situations. A remote attacker could use this to cause a denial of service (server or client crash) (CVE-2017-7478). It was discovered that OpenVPN improperly triggered an assert when packe...
MGASA-2017-0152 Updated openvpn packages fix security vulnerability
It was discovered that OpenVPN improperly triggered an assert when receiving an oversized control packet in some situations. A remote attacker could use this to cause a denial of service (server or client crash) (CVE-2017-7478). It was discovered that OpenVPN improperly triggered an assert when packe...
OpenVPN Access Server : CRLF injection with Session fixation(CVE-2017-5868)
Description OpenVPN Access Server is a full featured secure network tunneling VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, MAC, Linux, Android, a...
OpenVPN Access Server 2.1.4 CRLF Injection
OpenVPN Access Server : CRLF injection with Session fixation Description OpenVPN Access Server is a full featured secure network tunneling VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client...
Ubiquiti Inc.: CRLF Injection on openvpn.svc.ubnt.com
The researcher reported the vulnerability CVE-2017-5868 in one of our servers, it got promptly mitigated, once no official patch was available at the time of submit. Ubiquiti's employee VPN server was vulnerable to CVE-2017-5868, the issue was reported to them by me and quickly patched. Thank you...
CVE-2017-5868
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATHINFO to sessionstart/...
CVE-2017-5868
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATHINFO to sessionstart/...
Crlf injection
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATHINFO to sessionstart/...
CVE-2017-5868
OpenVPN Access Server 2.1.4 is affected by a CRLF injection in the web interface that can be triggered via %0A in PATH_INFO to session_start, enabling header injection and potentially session fixation attacks (and possibly HTTP response splitting). The vulnerability is documented across multiple...
CVE-2017-5868
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATHINFO to sessionstart/...
Fedora Update for openvpn FEDORA-2017-f426acf49d
The remote host is missing an update for the...
[SECURITY] Fedora 24 Update: openvpn-2.3.16-1.fc24
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for...
OpenVPN Access Server CRLF Injection Vulnerability
OpenVPN is a software package from the American company OpenVPN for creating encrypted tunnels for virtual private networks (VPNs) that use the OpenSSL library to encrypt data and control information. OpenVPN Access Server is a commercial paid version of OpenVPN. OpenVPN Access Server suffers from a...
Fedora 24 : openvpn (2017-f426acf49d)
Security fix for two remote DoS issues (CVE-2017-7478, CVE-2017-7479). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
OpenVPN -- several vulnerabilities
Samuli Seppänen reports: In May/June 2017 Guido Vranken threw a fuzzer at OpenVPN 2.4.2. In the process he found several vulnerabilities and reported them to the OpenVPN project. ... The first releases to have these fixes are OpenVPN 2.4.3 and 2.3.17. This is a list of fixed important...
OpenVPN Unauthenticated Denial of Service Vulnerability
OpenVPN is a software package for creating virtual private network (VPN) encrypted tunnels from the American company OpenVPN. OpenVPN PrivateTunnel is an OpenVPN service. A denial-of-service vulnerability exists in OpenVPN that allows remote attackers to conduct denial-of-service attacks by submitti...
OpenVPN Denial of Service Vulnerability (CNVD-2017-06937)
OpenVPN is a software package from the American company OpenVPN for creating encrypted tunnels for Virtual Private Networks (VPNs), which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...
Debian DLA-944-1 : openvpn security update
Denial of Service due to Exhaustion of Packet-ID counter: An authenticated client can cause the server's packet-id counter to roll over, which would lead the server process to hit an ASSERT and stop running. To make the server hit the ASSERT, the client must first cause the server to send it...
[SECURITY] [DLA 944-1] openvpn security update
Package : openvpn Version : 2.2.1-8+deb7u4 CVE ID : CVE-2017-7479 Denial of Service due to Exhaustion of Packet-ID counter: An authenticated client can cause the server's packet-id counter to roll over, which would lead the server process to hit an ASSERT and stop running. To make the server hi...
DLA-944-1 openvpn - security update
Bulletin has no description...