OpenVPN plugs DoS hole
From http://www.theregister.co.uk/2014/12...vulnerability/
Quote:
OpenVPN has patched a denial-of-service vulnerability which authenticated users could trigger by sending malicious packets.
The flaw (CVE-2014-8104) is most hurtful to VPN service providers and was reported by researcher Dragana Damjanovic to OpenVPN last month.
Maintainers said in an advisory issued this morning that the flaw affected versions back to at least 2005 and allowed TLS-authenticated clients to crash the server by sending a too-short control channel packet to the server.
"In other words this vulnerability is denial of service only," they said.
|
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|