Diffstat (limited to 'security/vuxml/vuln.xml')
-rw-r--r-- | security/vuxml/vuln.xml | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 2f59b4902f85..873fca3d18f9 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml 
@@ -58,6 +58,70 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="04cc7bd2-3686-11e7-aa64-080027ef73ec"> + <topic>OpenVPN -- two remote denial-of-service vulnerabilities</topic> + <affects> + <package> + <name>openvpn</name> + <range><lt>2.3.15</lt></range> + <range><ge>2.4.0</ge><lt>2.4.2</lt></range> + </package> + <package> + <name>openvpn23</name> + <range><lt>2.3.15</lt></range> + </package> + <package> + <name>openvpn-mbedtls</name> + <range><ge>2.4.0</ge><lt>2.4.2</lt></range> + </package> + <package> + <name>openvpn-polarssl</name> + <range><lt>2.3.15</lt></range> + </package> + <package> + <name>openvpn23-polarssl</name> + <range><lt>2.3.15</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Samuli Seppänen reports:</p> + <blockquote cite="https://openvpn.net/index.php/open-source/downloads.html"> + <p>OpenVPN v2.4.0 was audited for security vulnerabilities independently by + Quarkslabs (funded by OSTIF) and Cryptography Engineering (funded by + Private Internet Access) between December 2016 and April 2017. The + primary findings were two remote denial-of-service vulnerabilities. + Fixes to them have been backported to v2.3.15.</p> + <p>An authenticated client can do the 'three way handshake' + (P_HARD_RESET, P_HARD_RESET, P_CONTROL), where the P_CONTROL packet + is the first that is allowed to carry payload. If that payload is + too big, the OpenVPN server process will stop running due to an + ASSERT() exception. That is also the reason why servers using + tls-auth/tls-crypt are protected against this attack - the P_CONTROL + packet is only accepted if it contains the session ID we specified, + with a valid HMAC (challenge-response). 
(CVE-2017-7478)</p> + <p>An authenticated client can cause the server's the packet-id + counter to roll over, which would lead the server process to hit an + ASSERT() and stop running. To make the server hit the ASSERT(), the + client must first cause the server to send it 2^32 packets (at least + 196 GB).</p> + </blockquote> + </body> + </description> + <references> + <url>https://openvpn.net/index.php/open-source/downloads.html</url> + <cvename>CVE-2017-7478</cvename> + <cvename>CVE-2017-7479</cvename> + <url>https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits</url> + <url>https://ostif.org/?p=870&preview=true</url> + <url>https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-2-fixes-critical-issues-discovered-openvpn-audit-reports/</url> + </references> + <dates> + <discovery>2017-05-10</discovery> + <entry>2017-05-11</entry> + </dates> + </vuln> + <vuln vid="414c18bf-3653-11e7-9550-6cc21735f730"> <topic>PostgreSQL vulnerabilities</topic> <affects> |
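Review bot: In the new OpenVPN entry's description, the second quoted paragraph (the packet-id counter rollover) carries no CVE tag, while the first ends with "(CVE-2017-7478)" and the references list both CVE-2017-7478 and CVE-2017-7479. Ending that paragraph with "(CVE-2017-7479)" would let readers map each issue to its identifier. In the references, `<url>https://ostif.org/?p=870&preview=true</url>` points at a preview link, which is unlikely to stay reachable; a permanent URL for the post would be better, and if the ampersand is raw in the file it needs to be written as `&amp;` for vuln.xml to stay well-formed. The quoted text also reads "the server's the packet-id counter"; if the doubled "the" is not in the upstream announcement, drop it. Since the ranges rely on the statement that fixes were backported to v2.3.15, it is worth confirming that the openvpn-mbedtls package never shipped a 2.3.x version, as that package only has the 2.4.0 to 2.4.2 range.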