Detections
Analytics
Debian DSA-851-1 : openvpn - programming errors
medium Nessus Plugin ID 19959
Synopsis
The remote Debian host is missing a security-related update.Description
Several security related problems have been discovered in openvpn, a Virtual Private Network daemon. The Common Vulnerabilities and Exposures project identifies the following problems :- CAN-2005-2531 Wrong processing of failed certificate authentication when running with 'verb 0' and without TLS authentication can lead to a denial of service by disconnecting the wrong client.
- CAN-2005-2532
Wrong handling of packets that can't be decrypted on the server can lead to the disconnection of unrelated clients.
- CAN-2005-2533
When running in 'dev tap' Ethernet bridging mode, openvpn can exhaust its memory by receiving a large number of spoofed MAC addresses and hence denying service.
- CAN-2005-2534
Simultaneous TCP connections from multiple clients with the same client certificate can cause a denial of service when--duplicate-cn is not enabled.
Solution
Upgrade the openvpn package.The old stable distribution (woody) does not contain openvpn packages.
For the stable distribution (sarge) these problems have been fixed in version 2.0-1sarge1.
See Also
Plugin Details
Severity: Medium
ID: 19959
File Name: debian_DSA-851.nasl
Version: 1.19
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 10/11/2005
Updated: 1/4/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:openvpn, cpe:/o:debian:debian_linux:3.1
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Patch Publication Date: 10/9/2005
Vulnerability Publication Date: 8/16/2005
Reference Information
CVE: CVE-2005-2531, CVE-2005-2532, CVE-2005-2533, CVE-2005-2534
DSA: 851