FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  512243
Date:      2019-09-17
Time:      22:50:11Z
Committer: leres

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description

3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8 | OpenVPN -- out-of-bounds write in legacy key-method 1

Steffan Karger reports:

The bounds check in read_key() was performed after using the value, instead of before. If 'key-method 1' is used, this allowed an attacker to send a malformed packet to trigger a stack buffer overflow. [...]

Note that 'key-method 1' has been replaced by 'key method 2' as the default in OpenVPN 2.0 (released on 2005-04-17), and explicitly deprecated in 2.4 and marked for removal in 2.5. This should limit the amount of users impacted by this issue.


Discovery 2017-09-21
Entry 2017-09-27
openvpn-polarssl: lt 2.3.18
openvpn-mbedtls: ge 2.4.0 lt 2.4.4
openvpn: ge 2.4.0 lt 2.4.4
openvpn: lt 2.3.18

https://community.openvpn.net/openvpn/wiki/CVE-2017-12166
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15492.html
CVE-2017-12166

0dc8be9e-19af-11e6-8de0-080027ef73ec | OpenVPN -- Buffer overflow in PAM authentication and DoS through port sharing

Samuli Seppänen reports:

OpenVPN 2.3.11 [...] fixes two vulnerabilities: a port-share bug with DoS potential and a buffer overflow by user supplied data when using pam authentication.[...]


Discovery 2016-03-03
Entry 2016-05-14
openvpn: lt 2.3.11
openvpn-polarssl: lt 2.3.11

https://sourceforge.net/p/openvpn/mailman/message/35076507/
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11

23ab5c3e-79c3-11e4-8b1e-d050992ecde8 | OpenVPN -- denial of service security vulnerability

The OpenVPN project reports:

In late November 2014 Dragana Damjanovic notified OpenVPN developers of a critical denial of service security vulnerability (CVE-2014-8104). The vulnerability allows a tls-authenticated client to crash the server by sending a too-short control channel packet to the server. In other words this vulnerability is denial of service only.


Discovery 2014-12-01
Entry 2014-12-02
openvpn: lt 2.0.11
openvpn: ge 2.1.0 lt 2.2.3
openvpn: ge 2.3.0 lt 2.3.6

CVE-2014-8104
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b

92f30415-9935-11e2-ad4c-080027ef73ec | OpenVPN -- potential side-channel/timing attack when comparing HMACs

The OpenVPN project reports:

OpenVPN 2.3.0 and earlier running in UDP mode are subject to chosen ciphertext injection due to a non-constant-time HMAC comparison function.


Discovery 2013-03-19
Entry 2013-03-31
Modified 2013-06-01
openvpn: lt 2.0.9_4
openvpn: ge 2.1.0 lt 2.2.2_2
openvpn: ge 2.3.0 lt 2.3.1

https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc
CVE-2013-2061
http://www.openwall.com/lists/oss-security/2013/05/06/6
https://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee

9f65d382-56a4-11e7-83e3-080027ef73ec | OpenVPN -- several vulnerabilities

Samuli Seppänen reports:

In May/June 2017 Guido Vranken threw a fuzzer at OpenVPN 2.4.2. In the process he found several vulnerabilities and reported them to the OpenVPN project. [...] The first releases to have these fixes are OpenVPN 2.4.3 and 2.3.17.

This is a list of fixed important vulnerabilities:

  • Remotely-triggerable ASSERT() on malformed IPv6 packet
  • Pre-authentication remote crash/information disclosure for clients
  • Potential double-free in --x509-alt-username
  • Remote-triggerable memory leaks
  • Post-authentication remote DoS when using the --x509-track option
  • Null-pointer dereference in establish_http_proxy_passthru()

Discovery 2017-05-19
Entry 2017-06-21
openvpn: lt 2.3.17
openvpn: ge 2.4.0 lt 2.4.3
openvpn-mbedtls: lt 2.4.3
openvpn-polarssl: lt 2.3.17

https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
CVE-2017-7508
CVE-2017-7512
CVE-2017-7520
CVE-2017-7521
CVE-2017-7522

04cc7bd2-3686-11e7-aa64-080027ef73ec | OpenVPN -- two remote denial-of-service vulnerabilities

Samuli Seppänen reports:

OpenVPN v2.4.0 was audited for security vulnerabilities independently by Quarkslabs (funded by OSTIF) and Cryptography Engineering (funded by Private Internet Access) between December 2016 and April 2017. The primary findings were two remote denial-of-service vulnerabilities. Fixes to them have been backported to v2.3.15.

An authenticated client can do the 'three way handshake' (P_HARD_RESET, P_HARD_RESET, P_CONTROL), where the P_CONTROL packet is the first that is allowed to carry payload. If that payload is too big, the OpenVPN server process will stop running due to an ASSERT() exception. That is also the reason why servers using tls-auth/tls-crypt are protected against this attack - the P_CONTROL packet is only accepted if it contains the session ID we specified, with a valid HMAC (challenge-response). (CVE-2017-7478)

An authenticated client can cause the server's packet-id counter to roll over, which would lead the server process to hit an ASSERT() and stop running. To make the server hit the ASSERT(), the client must first cause the server to send it 2^32 packets (at least 196 GB).


Discovery 2017-05-10
Entry 2017-05-11
openvpn: lt 2.3.15
openvpn: ge 2.4.0 lt 2.4.2
openvpn23: lt 2.3.15
openvpn-mbedtls: ge 2.4.0 lt 2.4.2
openvpn-polarssl: lt 2.3.15
openvpn23-polarssl: lt 2.3.15

https://openvpn.net/index.php/open-source/downloads.html
CVE-2017-7478
CVE-2017-7479
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
https://ostif.org/?p=870&preview=true
https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-2-fixes-critical-issues-discovered-openvpn-audit-reports/