FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  512420
Date:      2019-09-20
Time:      15:56:44Z
Committer: pi

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
04cc7bd2-3686-11e7-aa64-080027ef73ecOpenVPN -- two remote denial-of-service vulnerabilities

Samuli Seppänen reports:

OpenVPN v2.4.0 was audited for security vulnerabilities independently by Quarkslabs (funded by OSTIF) and Cryptography Engineering (funded by Private Internet Access) between December 2016 and April 2017. The primary findings were two remote denial-of-service vulnerabilities. Fixes to them have been backported to v2.3.15.

An authenticated client can do the 'three way handshake' (P_HARD_RESET, P_HARD_RESET, P_CONTROL), where the P_CONTROL packet is the first that is allowed to carry payload. If that payload is too big, the OpenVPN server process will stop running due to an ASSERT() exception. That is also the reason why servers using tls-auth/tls-crypt are protected against this attack - the P_CONTROL packet is only accepted if it contains the session ID we specified, with a valid HMAC (challenge-response). (CVE-2017-7478)

An authenticated client can cause the server's the packet-id counter to roll over, which would lead the server process to hit an ASSERT() and stop running. To make the server hit the ASSERT(), the client must first cause the server to send it 2^32 packets (at least 196 GB).


Discovery 2017-05-10
Entry 2017-05-11
openvpn
lt 2.3.15

ge 2.4.0 lt 2.4.2

openvpn23
lt 2.3.15

openvpn-mbedtls
ge 2.4.0 lt 2.4.2

openvpn-polarssl
lt 2.3.15

openvpn23-polarssl
lt 2.3.15

https://openvpn.net/index.php/open-source/downloads.html
CVE-2017-7478
CVE-2017-7479
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
https://ostif.org/?p=870&preview=true
https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-2-fixes-critical-issues-discovered-openvpn-audit-reports/
3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8OpenVPN -- out-of-bounds write in legacy key-method 1

Steffan Karger reports:

The bounds check in read_key() was performed after using the value, instead of before. If 'key-method 1' is used, this allowed an attacker to send a malformed packet to trigger a stack buffer overflow. [...]

Note that 'key-method 1' has been replaced by 'key method 2' as the default in OpenVPN 2.0 (released on 2005-04-17), and explicitly deprecated in 2.4 and marked for removal in 2.5. This should limit the amount of users impacted by this issue.


Discovery 2017-09-21
Entry 2017-09-27
openvpn-polarssl
lt 2.3.18

openvpn-mbedtls
ge 2.4.0 lt 2.4.4

openvpn
ge 2.4.0 lt 2.4.4

lt 2.3.18

https://community.openvpn.net/openvpn/wiki/CVE-2017-12166
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15492.html
CVE-2017-12166
0dc8be9e-19af-11e6-8de0-080027ef73ecOpenVPN -- Buffer overflow in PAM authentication and DoS through port sharing

Samuli Seppänen reports:

OpenVPN 2.3.11 [...] fixes two vulnerabilities: a port-share bug with DoS potential and a buffer overflow by user supplied data when using pam authentication.[...]


Discovery 2016-03-03
Entry 2016-05-14
openvpn
lt 2.3.11

openvpn-polarssl
lt 2.3.11

https://sourceforge.net/p/openvpn/mailman/message/35076507/
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11
9f65d382-56a4-11e7-83e3-080027ef73ecOpenVPN -- several vulnerabilities

Samuli Seppänen reports:

In May/June 2017 Guido Vranken threw a fuzzer at OpenVPN 2.4.2. In the process he found several vulnerabilities and reported them to the OpenVPN project. [...] The first releases to have these fixes are OpenVPN 2.4.3 and 2.3.17.

This is a list of fixed important vulnerabilities:

  • Remotely-triggerable ASSERT() on malformed IPv6 packet
  • Pre-authentication remote crash/information disclosure for clients
  • Potential double-free in --x509-alt-username
  • Remote-triggerable memory leaks
  • Post-authentication remote DoS when using the --x509-track option
  • Null-pointer dereference in establish_http_proxy_passthru()

Discovery 2017-05-19
Entry 2017-06-21
openvpn
lt 2.3.17

ge 2.4.0 lt 2.4.3

openvpn-mbedtls
lt 2.4.3

openvpn-polarssl
lt 2.3.17

https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
CVE-2017-7508
CVE-2017-7512
CVE-2017-7520
CVE-2017-7521
CVE-2017-7522