 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.55611 |
| Category: | Mandrake Local Security Checks |
| Title: | Mandrake Security Advisory MDKSA-2005:145 (openvpn) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to openvpn announced via advisory MDKSA-2005:145. A number of vulnerabilities were discovered in OpenVPN that were fixed in the 2.0.1 release: A DoS attack against the server when run with verb 0 and without tls-auth when a client connection to the server fails certificate verification, the OpenSSL error queue is not properly flushed. This could result in another unrelated client instance on the server seeing the error and responding to it, resulting in a disconnection of the unrelated client (CVE-2005-2531). A DoS attack against the server by an authenticated client that sends a packet which fails to decrypt on the server, the OpenSSL error queue was not properly flushed. This could result in another unrelated client instance on the server seeing the error and responding to it, resulting in a disconnection of the unrelated client (CVE-2005-2532). A DoS attack against the server by an authenticated client is possible in dev tap ethernet bridging mode where a malicious client could theoretically flood the server with packets appearing to come from hundreds of thousands of different MAC addresses, resulting in the OpenVPN process exhausting system virtual memory (CVE-2005-2533). If two or more client machines tried to connect to the server at the same time via TCP, using the same client certificate, a race condition could crash the server if --duplicate-cn is not enabled on the server (CVE-2005-2534). This update provides OpenVPN 2.0.1 which corrects these issues as well as a number of other bugs. Affected versions: Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:145 Risk factor : Medium CVSS Score: 5.0 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2005-2531 BugTraq ID: 14605 http://www.securityfocus.com/bid/14605 Debian Security Information: DSA-851 (Google Search) http://www.debian.org/security/2005/dsa-851 http://www.mandriva.com/security/advisories?name=MDKSA-2005:145 http://secunia.com/advisories/16463 http://secunia.com/advisories/17103 SuSE Security Announcement: SUSE-SR:2005:020 (Google Search) http://www.novell.com/linux/security/advisories/2005_20_sr.html Common Vulnerability Exposure (CVE) ID: CVE-2005-2532 BugTraq ID: 14607 http://www.securityfocus.com/bid/14607 Common Vulnerability Exposure (CVE) ID: CVE-2005-2533 Common Vulnerability Exposure (CVE) ID: CVE-2005-2534 BugTraq ID: 14610 http://www.securityfocus.com/bid/14610 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |