FreeBSD : openvpn -- denial of service: client certificate validation can disconnect unrelated clients (a51ad838-2077-48b2-a136-e888a7db5f8d)
Medium Nessus Plugin ID 21488
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionJames Yonan reports :
DoS attack against server when run with 'verb 0' and without 'tls-auth'. If a client connection to the server fails certificate verification, the OpenSSL error queue is not properly flushed, which can result in another unrelated client instance on the server seeing the error and responding to it, resulting in disconnection of the unrelated client.
SolutionUpdate the affected package.