FreeBSD : openvpn -- potential denial-of-service on servers in TCP mode (3de49331-0dec-422c-93e5-e4719e9869c5)

James Yonan reports : If the TCP server accept call returns an error status, the resulting exception handler may attempt to indirect through a NULL pointer, causing a segfault. Affects all OpenVPN 2.0 versions. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

FreeBSD : openvpn -- LD_PRELOAD code execution on client through malicious or compromised server (be4ccb7b-c48b-11da-ae12-0002b3b60e4c)

Hendrik Weimer reports : OpenVPN clients are a bit too generous when accepting configuration options from a server. It is possible to transmit environment variables to client-side shell scripts. There are some filters in place to prevent obvious nonsense, however they don't catch the good old...

FreeBSD : openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server (5ad3e437-e527-4514-b9ed-280b2ca1a8c9)

James Yonan reports : If two or more client machines try to connect to the server at the same time via TCP, using the same client certificate, and when --duplicate-cn is not enabled on the server, a race condition can crash the server with 'Assertion failed at mtcp.c:411' %NASLMINLEVEL 70300 C...

FreeBSD : openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients (d1c39c8e-05ab-4739-870f-765490fa2052)

James Yonan reports : If the client sends a packet which fails to decrypt on the server, the OpenSSL error queue is not properly flushed, which can result in another unrelated client instance on the server seeing the error and responding to it, resulting in disconnection of the unrelated client...

FreeBSD : openvpn -- denial of service: malicious authenticated 'tap' client can deplete server virtual memory (1986449a-8b74-40fa-b7cc-0d8def8aad65)

James Yonan reports : A malicious authenticated client in 'dev tap' ethernet bridging mode could theoretically flood the server with packets appearing to come from hundreds of thousands of different MAC addresses, causing the OpenVPN process to deplete system virtual memory as it expands its...

FreeBSD : openvpn -- denial of service: client certificate validation can disconnect unrelated clients (a51ad838-2077-48b2-a136-e888a7db5f8d)

James Yonan reports : DoS attack against server when run with 'verb 0' and without 'tls-auth'. If a client connection to the server fails certificate verification, the OpenSSL error queue is not properly flushed, which can result in another unrelated client instance on the server seeing the error...

OpenVPN Unprotected Management Interface

The remote host is running OpenVPN, an open source SSL VPN. The version of OpenVPN installed on the remote host does not require authentication to access the server's management interface. An attacker can leverage this issue to gain complete control over the affected application simply by telneti...

openvpn207.txt

Hi, There is a flaw well more a stupid design than anything else in OpenVPN 2.0.7 and below in the the Remote Management Interface that allows an attacker to gain complete control because there is NO AUTHENTICATION YES NO AUTHENTICATION AT ALL!. This can be carried out from within the LAN that th...

Design/Logic Flaw

OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service...

CVE-2006-2229

OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service...

DEBIAN-CVE-2006-2229

OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service...

CVE-2006-2229

OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service...

CVE-2006-2229

OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service...

CVE-2006-2229

OpenVPN 2.0.7 and earlier, when configured to use --management with an IP not equal to 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service. The provided connected documents...

CVE-2006-2229

Removed by vendor...

[SECURITY] [DSA 1045-1] New OpenVPN packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1045-1 [email protected] http://www.debian.org/security/ Martin Schulze April 27th, 2006 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1045-1] New OpenVPN packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1045-1 [email protected] http://www.debian.org/security/ Martin Schulze April 27th, 2006 http://www.debian.org/security/faq -...

DSA-1045-1 openvpn - design error

Bulletin has no description...

Mandrake Linux Security Advisory : openvpn (MDKSA-2006:069)

A vulnerability in OpenVPN 2.0 through 2.0.5 allows a malicious server to execute arbitrary code on the client by using setenv with the LDPRELOAD environment variable. Updated packages have been patched to correct this issue by removing setenv support. %NASLMINLEVEL 70300 C Tenable Network...

CVE-2006-1629

OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LDPRELOAD environment variable...