OpenVPN 2.x < 2.2.3 / 2.3.6 Control Channel Packet Handling DoS

According to its self-reported version number, the version of OpenVPN installed on the remote host is affected by an error related to 'Control Channel Packet' handling and TLS-authenticated clients that could allow denial of service attacks. C Tenable Network Security, Inc. include"compat.inc"; i...

Code injection

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service server crash via a small control channel packet...

CVE-2014-8104

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service server crash via a small control channel packet...

CVE-2014-8104

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service server crash via a small control channel packet...

DEBIAN-CVE-2014-8104

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service server crash via a small control channel packet...

CVE-2014-8104

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service server crash via a small control channel packet...

CVE-2014-8104

Summary: CVE-2014-8104 affects OpenVPN 2.x (various branches) and allows a remote authenticated attacker to cause a denial of service (server crash) by sending a small control channel packet. The root cause is improper handling of too-small control channel packets. Impact: denial of service with ...

CVE-2014-8104

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service server crash via a small control channel packet...

Debian DSA-3084-1 : openvpn - security update

Dragana Damjanovic discovered that an authenticated client could crash an OpenVPN server by sending a control packet containing less than four bytes as payload. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

Ubuntu 14.04 LTS : OpenVPN vulnerability (USN-2430-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2430-1 advisory. Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN...

[SECURITY] [DLA 98-1] openvpn security update

Package : openvpn Version : 2.1.3-2+squeeze3 CVE ID : CVE-2014-8104 Dragana Damjanovic discovered that an authenticated client could crash an OpenVPN server by sending a control packet containing less than four bytes as payload. For the oldstable distribution squeeze, this problem has been fixed ...

USN-2430-1: OpenVPN vulnerability

Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service...

USN-2430-1 openvpn vulnerability

Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service...

OpenVPN Patches Denial of Service Vulnerability

An update for OpenVPN released on Monday patches a serious denial of service vulnerability present in the open source VPN software since 2005. “It is also possible that even older versions are affected,” OpenVPN said in its advisory, clarifying that the flaw affects primarily OpenVPN 2.x versions...

OpenVPN DoS

DoS after authentication via control characters...

openvpn: denial of service

It was discovered that an authenticated client could trigger an ASSERT in OpenVPN by sending a too-short control channel packet to the server. This could cause the OpenVPN server to crash and deny access to the VPN to other legitimate users...

FreeBSD : OpenVPN -- denial of service security vulnerability (23ab5c3e-79c3-11e4-8b1e-d050992ecde8)

The OpenVPN project reports : In late November 2014 Dragana Damjanovic notified OpenVPN developers of a critical denial of service security vulnerability CVE-2014-8104. The vulnerability allows an tls-authenticated client to crash the server by sending a too-short control channel packet to the...

DLA-98-1 openvpn - security update

Bulletin has no description...

[USN-2430-1] OpenVPN vulnerability

========================================================================== Ubuntu Security Notice USN-2430-1 December 02, 2014 openvpn vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

[SECURITY] [DSA 3084-1] openvpn security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3084-1 [email protected] http://www.debian.org/security/ Florian Weimer December 01, 2014 http://www.debian.org/security/faq -...