[SECURITY] Fedora 25 Update: openvpn-2.4.2-1.fc25

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

Fedora Update for openvpn FEDORA-2017-0d0f18140a

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 26 Update: openvpn-2.4.2-1.fc26

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

Security fix for the ALT Linux 9 package openvpn version 2.4.2-alt1

May 14, 2017 Nikolay A. Fetisov 2.4.2-alt1 - New version - Security fixes: + CVE-2017-7478 Don't assert out on receiving too-large control packets + CVE-2017-7479 Drop packets instead of assert out if packet id rolls over...

[ASA-201705-16] openvpn: denial of service

Arch Linux Security Advisory ASA-201705-16 ========================================== Severity: High Date : 2017-05-13 CVE-ID : CVE-2017-7478 CVE-2017-7479 Package : openvpn Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-271 Summary ======= The package openvpn...

OpenVPN 2.4.0 Denial Of Service

!/usr/bin/env python3 ''' $ ./dosserver.py & $ sudo ./openvpn-2.4.0/src/openvpn/openvpn conf/server-tls.conf ... Fri Feb 24 10:19:19 2017 192.168.149.1:64249 TLS: Initial packet from AFINET192.168.149.1:64249, sid=9a6c48a6 1467f5e1 Fri Feb 24 10:19:19 2017 192.168.149.1:64249 Assertion failed at...

Ubuntu: Security Advisory (USN-3284-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 17.04 : openvpn vulnerabilities (USN-3284-1)

It was discovered that OpenVPN improperly triggered an assert when receiving an oversized control packet in some situations. A remote attacker could use this to cause a denial of service server or client crash. CVE-2017-7478 It was discovered that OpenVPN improperly triggered an assert when packe...

FreeBSD : OpenVPN -- two remote denial-of-service vulnerabilities (04cc7bd2-3686-11e7-aa64-080027ef73ec)

Samuli Seppanen reports : OpenVPN v2.4.0 was audited for security vulnerabilities independently by Quarkslabs funded by OSTIF and Cryptography Engineering funded by Private Internet Access between December 2016 and April 2017. The primary findings were two remote denial-of-service vulnerabilities...

CVE-2017-7478

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2...

CVE-2017-7479

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker...

USN-3284-1: OpenVPN vulnerabilities

It was discovered that OpenVPN improperly triggered an assert when receiving an oversized control packet in some situations. A remote attacker could use this to cause a denial of service server or client crash. CVE-2017-7478 It was discovered that OpenVPN improperly triggered an assert when packe...

UBUNTU-CVE-2017-7479

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker...

OpenVPN 2.4.0 - Denial of Service

OpenVPN 2.4.0 - Denial of Service !/usr/bin/env python3 ''' $ ./dosserver.py & $ sudo ./openvpn-2.4.0/src/openvpn/openvpn conf/server-tls.conf ... Fri Feb 24 10:19:19 2017 192.168.149.1:64249 TLS: Initial packet from AFINET192.168.149.1:64249, sid=9a6c48a6 1467f5e1 Fri Feb 24 10:19:19 2017...

OpenVPN 2.4.0 - Unauthenticated Denial of Service Exploit

Exploit for multiple platform in category dos / poc !/usr/bin/env python3 ''' $ ./dosserver.py & $ sudo ./openvpn-2.4.0/src/openvpn/openvpn conf/server-tls.conf ... Fri Feb 24 10:19:19 2017 192.168.149.1:64249 TLS: Initial packet from AFINET192.168.149.1:64249, sid=9a6c48a6 1467f5e1 Fri Feb 24...

OpenVPN 2.4.0 - Denial of Service

!/usr/bin/env python3 ''' $ ./dosserver.py & $ sudo ./openvpn-2.4.0/src/openvpn/openvpn conf/server-tls.conf ... Fri Feb 24 10:19:19 2017 192.168.149.1:64249 TLS: Initial packet from AFINET192.168.149.1:64249, sid=9a6c48a6 1467f5e1 Fri Feb 24 10:19:19 2017 192.168.149.1:64249 Assertion failed at...

OpenVPN -- two remote denial-of-service vulnerabilities

Samuli Seppänen reports: OpenVPN v2.4.0 was audited for security vulnerabilities independently by Quarkslabs funded by OSTIF and Cryptography Engineering funded by Private Internet Access between December 2016 and April 2017. The primary findings were two remote denial-of-service vulnerabilities...

HideMyAss Pro VPN Client for macOS 3.x - Local Privilege Escalation

HideMyAss Pro VPN Client for macOS 3.x - Local Privilege Escalation Source: https://www.securify.nl/advisory/SFY20170408/localprivilegeescalationvulnerabilityinhidemyassprovpnclientv3xformacos.html Abstract A local privilege escalation vulnerability has been found in the helper binary...

HideMyAss Pro VPN Client 3.3.0.3 Privilege Escalation Vulnerability

HideMyAss Pro VPN client version 3.3.0.3 for OS X suffers from a helper binary com.privax.hmaprovpn.helper local privilege escalation vulnerability. ------------------------------------------------------------------------ Local privilege escalation vulnerability in HideMyAss Pro VPN client v3.x f...

HideMyAss Pro VPN Client 3.3.0.3 Privilege Escalation

------------------------------------------------------------------------ Local privilege escalation vulnerability in HideMyAss Pro VPN client v3.x for macOS ------------------------------------------------------------------------ Han Sahin, April 2017...