author: mandree <mandree@FreeBSD.org> 2017-05-12 04:27:59 +0800
committer: mandree <mandree@FreeBSD.org> 2017-05-12 04:27:59 +0800
commit: e4bc2fb2c22766b77b18c82343d08872f45e163e
tree: a2f93da96c74fa28632107eb60b4aaea19b7456f /security
parent: 64bb51529f89f0e09388fd3ba6834afe6cbc4ed2
Add openvpn < 2.3.15/< 2.4.2 DoS vuln.
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits

Reported by: Samuli Seppänen
Security: 04cc7bd2-3686-11e7-aa64-080027ef73ec
Security: CVE-2017-7478
Security: CVE-2017-7479
Diffstat (limited to 'security')
-rw-r--r-- security/vuxml/vuln.xml 64
1 files changed, 64 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 2f59b4902f85..873fca3d18f9 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -58,6 +58,70 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="04cc7bd2-3686-11e7-aa64-080027ef73ec">
+ <topic>OpenVPN -- two remote denial-of-service vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>openvpn</name>
+ <range><lt>2.3.15</lt></range>
+ <range><ge>2.4.0</ge><lt>2.4.2</lt></range>
+ </package>
+ <package>
+ <name>openvpn23</name>
+ <range><lt>2.3.15</lt></range>
+ </package>
+ <package>
+ <name>openvpn-mbedtls</name>
+ <range><ge>2.4.0</ge><lt>2.4.2</lt></range>
+ </package>
+ <package>
+ <name>openvpn-polarssl</name>
+ <range><lt>2.3.15</lt></range>
+ </package>
+ <package>
+ <name>openvpn23-polarssl</name>
+ <range><lt>2.3.15</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Samuli Seppänen reports:</p>
+ <blockquote cite="https://openvpn.net/index.php/open-source/downloads.html">
+ <p>OpenVPN v2.4.0 was audited for security vulnerabilities independently by
+ Quarkslabs (funded by OSTIF) and Cryptography Engineering (funded by
+ Private Internet Access) between December 2016 and April 2017. The
+ primary findings were two remote denial-of-service vulnerabilities.
+ Fixes to them have been backported to v2.3.15.</p>
+ <p>An authenticated client can do the 'three way handshake'
+ (P_HARD_RESET, P_HARD_RESET, P_CONTROL), where the P_CONTROL packet
+ is the first that is allowed to carry payload. If that payload is
+ too big, the OpenVPN server process will stop running due to an
+ ASSERT() exception. That is also the reason why servers using
+ tls-auth/tls-crypt are protected against this attack - the P_CONTROL
+ packet is only accepted if it contains the session ID we specified,
+ with a valid HMAC (challenge-response). (CVE-2017-7478)</p>
+ <p>An authenticated client can cause the server's the packet-id
+ counter to roll over, which would lead the server process to hit an
+ ASSERT() and stop running. To make the server hit the ASSERT(), the
+ client must first cause the server to send it 2^32 packets (at least
+ 196 GB).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://openvpn.net/index.php/open-source/downloads.html</url>
+ <cvename>CVE-2017-7478</cvename>
+ <cvename>CVE-2017-7479</cvename>
+ <url>https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits</url>
+ <url>https://ostif.org/?p=870&amp;preview=true</url>
+ <url>https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-2-fixes-critical-issues-discovered-openvpn-audit-reports/</url>
+ </references>
+ <dates>
+ <discovery>2017-05-10</discovery>
+ <entry>2017-05-11</entry>
+ </dates>
+ </vuln>
+
<vuln vid="414c18bf-3653-11e7-9550-6cc21735f730">
<topic>PostgreSQL vulnerabilities</topic>
<affects>
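
Review bot: In the description blockquote, the second vulnerability paragraph (packet-id counter rollover) ends without a CVE identifier, while the first ends with "(CVE-2017-7478)" and the references list both CVE-2017-7478 and CVE-2017-7479. Append the matching identifier (presumably CVE-2017-7479, the only other one listed) to that paragraph so a reader can map each issue to its CVE without leaving the entry. The same paragraph reads "the server's the packet-id counter" with a duplicated article; if that is not verbatim from the upstream announcement, drop the second "the". In the references, the URL ending in "?p=870&amp;preview=true" looks like a draft-preview link and may not resolve for readers, so the published permalink would be the safer reference. The blockquote cite and first reference both point at the generic downloads page; a link to the specific release announcement would age better.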