DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News
Reload this Page Security OpenVPN plugs DoS hole
FAQ Today's Posts Search

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 3rd December 2014
J65nko J65nko is offline
Administrator
  
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,132
Default OpenVPN plugs DoS hole
From http://www.theregister.co.uk/2014/12...vulnerability/

Quote:
OpenVPN has patched a denial-of-service vulnerability which authenticated users could trigger by sending malicious packets.

The flaw (CVE-2014-8104) is most hurtful to VPN service providers and was reported by researcher Dragana Damjanovic to OpenVPN last month.

Maintainers said in an advisory issued this morning that the flaw affected versions back to at least 2005 and allowed TLS-authenticated clients to crash the server by sending a too-short control channel packet to the server.

"In other words this vulnerability is denial of service only," they said.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Security Oracle plugs security holes: Updates for Java 1.4 to 7 J65nko News 1 21st February 2013 02:36 PM
Flash Player update plugs exploited hole J65nko News 1 17th February 2012 02:03 AM
Does pf conflict with OpenVPN? Emile OpenBSD Packages and Ports 37 2nd February 2011 11:03 PM
Adobe: hole closed, hole open J65nko News 0 5th November 2010 06:50 PM
Cannot set up OpenVPN guitarscn OpenBSD Security 8 5th October 2009 05:19 PM


All times are GMT. The time now is 08:52 PM.

DaemonForums.org RSS Feeds - Contact Us - DaemonForums.org - Archive - Privacy Statement - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick