Debian Security Advisory DSA 3084-1 (openvpn - security update)
Dragana Damjanovic discovered that an authenticated client could crash an OpenVPN server by sending a control packet containing less than four bytes as payload. OpenVAS Vulnerability Test $Id: deb3084.nasl 6750 2017-07-18 09:56:47Z teissa $ Auto-generated from advisory DSA 3084-1 using nvtgen 1.0...
CVE-2014-8104
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet...
DSA-3084-1 openvpn - security update
Bulletin has no description...
UBUNTU-CVE-2014-8104
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet...
OpenVPN -- denial of service security vulnerability
The OpenVPN project reports: In late November 2014 Dragana Damjanovic notified OpenVPN developers of a critical denial of service security vulnerability (CVE-2014-8104). The vulnerability allows a tls-authenticated client to crash the server by sending a too-short control channel packet to the...
Debian: Security Advisory (DSA-3084-1)
The remote host is missing an update for the Debian...
CVE-2014-9104
Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnecting established VPN sessions, (2) connect to arbitrary VPN...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnecting established VPN sessions, (2) connect to arbitrary VPN...
CVE-2014-9104
CVE-2014-9104 covers CSRF vulnerabilities in the XML-RPC API of the OpenVPN Access Server Desktop Client (versions up to 1.5.6). The issues allow an attacker to hijack administrator authentication and perform actions via crafted API requests, including disconnecting VPN sessions, connecting to ar...
OpenVPN 2.2.29 - ShellShock Exploit
No description provided by source. Exploit Title: ShellShock OpenVPN Exploit Date: Fri Oct 3 15:48:08 EDT 2014 Exploit Author: hobbily AKA @fj33r Version: 2.2.29 Tested on: Debian Linux CVE : CVE-2014-6271 Probably should have submitted this the day I tweeted it. server.conf port 1194 proto udp dev...
OpenVPN 2.2.29 - Shellshock Remote Command Injection
OpenVPN 2.2.29 - Shellshock Remote Command Injection Exploit Title: ShellShock OpenVPN Exploit Date: Fri Oct 3 15:48:08 EDT 2014 Exploit Author: hobbily AKA @fj33r Version: 2.2.29 Tested on: Debian Linux CVE : CVE-2014-6271 Probably should have submitted this the day I tweeted it. server.conf port...
OpenVPN 2.2.29 - 'Shellshock' Remote Command Injection
Exploit Title: ShellShock OpenVPN Exploit Date: Fri Oct 3 15:48:08 EDT 2014 Exploit Author: hobbily AKA @fj33r Version: 2.2.29 Tested on: Debian Linux CVE : CVE-2014-6271 Probably should have submitted this the day I tweeted it. server.conf port 1194 proto udp dev tun client-cert-not-required...
Ubuntu 12.04 LTS : openvpn vulnerability (USN-2368-1)
It was discovered that OpenVPN incorrectly handled HMAC comparisons when running in UDP mode. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could possibly be used to perform a plaintext recovery attack. Note that Tenable Network Security has extracted the precedi...
Ubuntu: Security Advisory (USN-2368-1)
The remote host is missing an update for the...
USN-2368-1: OpenVPN vulnerability
It was discovered that OpenVPN incorrectly handled HMAC comparisons when running in UDP mode. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could possibly be used to perform a plaintext recovery attack...
VMware Begins to Patch Bash Issues Across Product Line
Much like Heartbleed triggered vendors to issue out of band patches to remedy vulnerabilities that popped up earlier this year, Shellshock, the Bash vulnerability, has forced vendors’ hands in a similar fashion. Virtualization firm VMware issued a progress report on fixes for four different types...
OpenVPN vulnerable to Shellshock Bash vulnerability
OpenVPN wasn’t immune to the Heartbleed vulnerability in OpenSSL, and it’s not going to sidestep Shellshock either. Fredrick Stromberg, cofounder of Mullvad, a Swedish VPN company, reported that OpenVPN servers are vulnerable to Shellshock, the vulnerability in Bash plaguing Linux, UNIX and Mac ...
Design/Logic Flaw
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder...
CVE-2014-5455
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder...
PT-2014-6485
Name of the Vulnerable Software and Affected Versions: PrivateTunnel versions prior to 3.0; OpenVPN Connect versions prior to 3.1. Description: The issue allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder, due to an unquoted Windows search path...