SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (VPN)  >   OpenVPN Vendors:   openvpn.net
OpenVPN Control Channel Packet Processing Flaw Lets Remote Authenticated Users Deny Service
SecurityTracker Alert ID:  1031277
SecurityTracker URL:  http://securitytracker.com/id/1031277
CVE Reference:   CVE-2014-8104   (Links to External Site)
Date:  Dec 2 2014
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.x
Description:   A vulnerability was reported in OpenVPN. A remote authenticated user can cause denial of service conditions.

A remote authenticated user (TLS-authenticated using certificates) can send a specially crafted control channel packet to cause the target service to crash.

Version 3.x is not affected.

Dragana Damjanovic reported this vulnerability.

Impact:   A remote authenticated user can cause the target service to crash.
Solution:   The vendor has issued a fix (2.3.6).

The vendor's advisory is available at:

https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b

Vendor URL:  community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Dec 2 2014 (Ubuntu Issues Fix) OpenVPN Control Channel Packet Processing Flaw Lets Remote Authenticated Users Deny Service
Ubuntu has issued a fix for Ubuntu 12.04 LTS, 14.04 LTS, and 14.10.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC