FreeBSD : openvpn -- denial of service: client certificate validation can disconnect unrelated clients (a51ad838-2077-48b2-a136-e888a7db5f8d)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

James Yonan reports :

DoS attack against server when run with 'verb 0' and without
'tls-auth'. If a client connection to the server fails certificate
verification, the OpenSSL error queue is not properly flushed, which
can result in another unrelated client instance on the server seeing
the error and responding to it, resulting in disconnection of the
unrelated client.

See also :

http://openvpn.net/changelog.html
http://www.nessus.org/u?c3f9ffb6

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21488 (freebsd_pkg_a51ad838207748b2a136e888a7db5f8d.nasl)

Bugtraq ID:

CVE ID: CVE-2005-2531
