Test ID: | 1.3.6.1.4.1.25623.1.0.55611 |
Category: | Mandrake Local Security Checks |
Title: | Mandrake Security Advisory MDKSA-2005:145 (openvpn) |
Summary: | NOSUMMARY |
Description: | The remote host is missing an update to openvpn announced via advisory MDKSA-2005:145.

A number of vulnerabilities were discovered in OpenVPN that were fixed in the 2.0.1 release:

A DoS attack against the server when run with verb 0 and without tls-auth: when a client connection to the server fails certificate verification, the OpenSSL error queue is not properly flushed. This could result in another unrelated client instance on the server seeing the error and responding to it, resulting in a disconnection of the unrelated client (CVE-2005-2531).

A DoS attack against the server by an authenticated client that sends a packet which fails to decrypt on the server: the OpenSSL error queue was not properly flushed. This could result in another unrelated client instance on the server seeing the error and responding to it, resulting in a disconnection of the unrelated client (CVE-2005-2532).

A DoS attack against the server by an authenticated client is possible in dev tap ethernet bridging mode, where a malicious client could theoretically flood the server with packets appearing to come from hundreds of thousands of different MAC addresses, resulting in the OpenVPN process exhausting system virtual memory (CVE-2005-2533).

If two or more client machines tried to connect to the server at the same time via TCP, using the same client certificate, a race condition could crash the server if --duplicate-cn is not enabled on the server (CVE-2005-2534).

This update provides OpenVPN 2.0.1, which corrects these issues as well as a number of other bugs.

Affected versions: Multi Network Firewall 2.0

Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:145

Risk factor: Medium
CVSS Score: 5.0 |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2005-2531
BugTraq ID: 14605
http://www.securityfocus.com/bid/14605
Debian Security Information: DSA-851
http://www.debian.org/security/2005/dsa-851
http://www.mandriva.com/security/advisories?name=MDKSA-2005:145
http://secunia.com/advisories/16463
http://secunia.com/advisories/17103
SuSE Security Announcement: SUSE-SR:2005:020
http://www.novell.com/linux/security/advisories/2005_20_sr.html

Common Vulnerability Exposure (CVE) ID: CVE-2005-2532
BugTraq ID: 14607
http://www.securityfocus.com/bid/14607

Common Vulnerability Exposure (CVE) ID: CVE-2005-2533

Common Vulnerability Exposure (CVE) ID: CVE-2005-2534
BugTraq ID: 14610
http://www.securityfocus.com/bid/14610 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |