Test ID:	1.3.6.1.4.1.25623.1.0.61495
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-612-10 (openvpn)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to openvpn announced via advisory USN-612-10. A security issue affects the following Ubuntu releases: Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Details follow: USN-612-3 addressed a weakness in OpenSSL certificate and key generation in OpenVPN by adding checks for vulnerable certificates and keys to OpenVPN. A regression was introduced in OpenVPN when using TLS with password protected certificates which caused OpenVPN to not start when used with applications such as NetworkManager. Original advisory details: A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.04: openvpn 2.0.9-5ubuntu0.3 Ubuntu 7.10: openvpn 2.0.9-8ubuntu0.3 Ubuntu 8.04 LTS: openvpn 2.1~ rc7-1ubuntu3.3 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-612-10 Risk factor : High
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.