ID de Prueba:	1.3.6.1.4.1.25623.1.1.12.2025.7340.1
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu: Security Advisory (USN-7340-1)
Resumen:	The remote host is missing an update for the 'openvpn' package(s) announced via the USN-7340-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openvpn' package(s) announced via the USN-7340-1 advisory. Vulnerability Insight: It was discovered that OpenVPN did not perform proper input validation when generating a TLS key under certain configuration, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS. (CVE-2017-12166) Reynir Bjornsson discovered that OpenVPN incorrectly handled certain control channel messages with nonprintable characters. A remote attacker could possibly use this issue to cause OpenVPN to consume resources, or fill up log files with garbage, leading to a denial of service. (CVE-2024-5594) Affected Software/OS: 'openvpn' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-12166 BugTraq ID: 101153 http://www.securityfocus.com/bid/101153 https://community.openvpn.net/openvpn/wiki/CVE-2017-12166 https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html http://www.securitytracker.com/id/1039470 Common Vulnerability Exposure (CVE) ID: CVE-2024-5594
Copyright	Copyright (C) 2025 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.