2376 matches found
Mageia: Security Advisory (MGASA-2024-0255)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2024-0255 Updated openvpn packages fix security vulnerability
Control channel: refuse control channel messages with nonprintable characters in them. CVE-2024-5594...
Updated openvpn packages fix security vulnerability
Control channel: refuse control channel messages with nonprintable characters in them. CVE-2024-5594...
Ubuntu: Security Advisory (USN-6860-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6860-1: OpenVPN vulnerabilities
Reynir Björnsson discovered that OpenVPN incorrectly handled terminating client connections. A remote authenticated client could possibly use this issue to keep the connection active, bypassing certain security policies. This issue only affected Ubuntu 23.10, and Ubuntu 24.04 LTS. CVE-2024-28882...
USN-6860-1 openvpn vulnerabilities
Reynir Björnsson discovered that OpenVPN incorrectly handled terminating client connections. A remote authenticated client could possibly use this issue to keep the connection active, bypassing certain security policies. This issue only affected Ubuntu 23.10, and Ubuntu 24.04 LTS. CVE-2024-28882...
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : OpenVPN vulnerabilities (USN-6860-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6860-1 advisory. Reynir Bjrnsson discovered that OpenVPN incorrectly handled terminating client connections. A remote authenticated client...
ALPINE-CVE-2024-28820
Buffer overflow in the extractopenvpncr function in openvpn-cr.c in openvpn-auth-ldap aka the Three Rings Auth-LDAP plugin for OpenVPN 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this...
CVE-2024-28820
Buffer overflow in the extractopenvpncr function in openvpn-cr.c in openvpn-auth-ldap aka the Three Rings Auth-LDAP plugin for OpenVPN 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this...
DEBIAN-CVE-2024-28820
Buffer overflow in the extractopenvpncr function in openvpn-cr.c in openvpn-auth-ldap aka the Three Rings Auth-LDAP plugin for OpenVPN 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this...
CVE-2024-28820
Buffer overflow in the extractopenvpncr function in openvpn-cr.c in openvpn-auth-ldap aka the Three Rings Auth-LDAP plugin for OpenVPN 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this...
CVE-2024-28820
Buffer overflow in the extractopenvpncr function in openvpn-cr.c in openvpn-auth-ldap aka the Three Rings Auth-LDAP plugin for OpenVPN 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this...
UBUNTU-CVE-2024-28820
Buffer overflow in the extractopenvpncr function in openvpn-cr.c in openvpn-auth-ldap aka the Three Rings Auth-LDAP plugin for OpenVPN 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this...
[SECURITY] Fedora 40 Update: openvpn-2.6.11-1.fc40
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...
CVE-2024-28820
Buffer overflow in the extractopenvpncr function in openvpn-cr.c in openvpn-auth-ldap aka the Three Rings Auth-LDAP plugin for OpenVPN 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this...
CVE-2024-28820
CVE-2024-28820 concerns the Three Rings OpenVPN LDAP plugin (openvpn-auth-ldap) 2.0.4. The flaw is a buffer overflow in extract_openvpn_cr (openvpn-cr.c) when handling the challenge/response password field; an attacker with a valid LDAP username who can control that field can supply input with mo...
CVE-2024-28820
Buffer overflow in the extractopenvpncr function in openvpn-cr.c in openvpn-auth-ldap aka the Three Rings Auth-LDAP plugin for OpenVPN 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this...
PT-2024-22590 · Unknown +1 · Openvpn-Auth-Ldap +1
Name of the Vulnerable Software and Affected Versions: openvpn-auth-ldap version 2.0.4 Description: The issue is a buffer overflow in the extract openvpn cr function in openvpn-cr.c that allows attackers with a valid LDAP username and control over the challenge/response password field to cause a...
security/openvpn-auth-ldap -- Fix buffer overflow in challenge/response
Graham Northup reports: A buffer overflow in extractopenvpncr allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this field and cause a buffer overflow...
Ubuntu: Security Advisory (USN-6850-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...