Summary
Dragana Damjanovic discovered that
an authenticated client could crash an OpenVPN server by sending a control packe containing less than four bytes as payload.
Solution
For the stable distribution (wheezy),
this problem has been fixed in version 2.2.1-8+deb7u3.
For the unstable distribution (sid), this problem has been fixed in version 2.3.4-5.
We recommend that you upgrade your openvpn packages.
Insight
OpenVPN is an application to securely
tunnel IP networks over a single UDP or TCP port. It can be used to access remote sites, make secure point-to-point connections, enhance wireless security, etc.
Affected
openvpn on Debian Linux
Detection
This check tests the installed software
version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-8104 -
CVSS Base Score: 6.8
AV:N/AC:L/Au:S/C:N/I:N/A:C
Related Vulnerabilities