FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  518000
Date:      2019-11-20
Time:      10:57:40Z
Committer: zeising

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8OpenVPN -- out-of-bounds write in legacy key-method 1

Steffan Karger reports:

The bounds check in read_key() was performed after using the value, instead of before. If 'key-method 1' is used, this allowed an attacker to send a malformed packet to trigger a stack buffer overflow. [...]

Note that 'key-method 1' has been replaced by 'key method 2' as the default in OpenVPN 2.0 (released on 2005-04-17), and explicitly deprecated in 2.4 and marked for removal in 2.5. This should limit the amount of users impacted by this issue.


Discovery 2017-09-21
Entry 2017-09-27
openvpn-polarssl
lt 2.3.18

openvpn-mbedtls
ge 2.4.0 lt 2.4.4

openvpn
ge 2.4.0 lt 2.4.4

lt 2.3.18

https://community.openvpn.net/openvpn/wiki/CVE-2017-12166
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15492.html
CVE-2017-12166
5ad3e437-e527-4514-b9ed-280b2ca1a8c9openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server

James Yonan reports:

If two or more client machines try to connect to the server at the same time via TCP, using the same client certificate, and when --duplicate-cn is not enabled on the server, a race condition can crash the server with "Assertion failed at mtcp.c:411"


Discovery 2005-08-03
Entry 2005-08-19
openvpn
lt 2.0.1

CVE-2005-2534
http://openvpn.net/changelog.html
92f30415-9935-11e2-ad4c-080027ef73ecOpenVPN -- potential side-channel/timing attack when comparing HMACs

The OpenVPN project reports:

OpenVPN 2.3.0 and earlier running in UDP mode are subject to chosen ciphertext injection due to a non-constant-time HMAC comparison function.


Discovery 2013-03-19
Entry 2013-03-31
Modified 2013-06-01
openvpn
lt 2.0.9_4

ge 2.1.0 lt 2.2.2_2

ge 2.3.0 lt 2.3.1

https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc
CVE-2013-2061
http://www.openwall.com/lists/oss-security/2013/05/06/6
https://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee
23ab5c3e-79c3-11e4-8b1e-d050992ecde8OpenVPN -- denial of service security vulnerability

The OpenVPN project reports:

In late November 2014 Dragana Damjanovic notified OpenVPN developers of a critical denial of service security vulnerability (CVE-2014-8104). The vulnerability allows an tls-authenticated client to crash the server by sending a too-short control channel packet to the server. In other words this vulnerability is denial of service only.


Discovery 2014-12-01
Entry 2014-12-02
openvpn
lt 2.0.11

ge 2.1.0 lt 2.2.3

ge 2.3.0 lt 2.3.6

CVE-2014-8104
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
5ad3e437-e527-4514-b9ed-280b2ca1a8c9openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server

James Yonan reports:

If two or more client machines try to connect to the server at the same time via TCP, using the same client certificate, and when --duplicate-cn is not enabled on the server, a race condition can crash the server with "Assertion failed at mtcp.c:411"


Discovery 2005-08-03
Entry 2005-08-19
openvpn
lt 2.0.1

CVE-2005-2534
http://openvpn.net/changelog.html
0dc8be9e-19af-11e6-8de0-080027ef73ecOpenVPN -- Buffer overflow in PAM authentication and DoS through port sharing

Samuli Seppänen reports:

OpenVPN 2.3.11 [...] fixes two vulnerabilities: a port-share bug with DoS potential and a buffer overflow by user supplied data when using pam authentication.[...]


Discovery 2016-03-03
Entry 2016-05-14
openvpn
lt 2.3.11

openvpn-polarssl
lt 2.3.11

https://sourceforge.net/p/openvpn/mailman/message/35076507/
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11
a51ad838-2077-48b2-a136-e888a7db5f8dopenvpn -- denial of service: client certificate validation can disconnect unrelated clients

James Yonan reports:

DoS attack against server when run with "verb 0" and without "tls-auth". If a client connection to the server fails certificate verification, the OpenSSL error queue is not properly flushed, which can result in another unrelated client instance on the server seeing the error and responding to it, resulting in disconnection of the unrelated client.


Discovery 2005-08-03
Entry 2005-08-19
openvpn
lt 2.0.1

CVE-2005-2531
http://openvpn.net/changelog.html
04cc7bd2-3686-11e7-aa64-080027ef73ecOpenVPN -- two remote denial-of-service vulnerabilities

Samuli Seppänen reports:

OpenVPN v2.4.0 was audited for security vulnerabilities independently by Quarkslabs (funded by OSTIF) and Cryptography Engineering (funded by Private Internet Access) between December 2016 and April 2017. The primary findings were two remote denial-of-service vulnerabilities. Fixes to them have been backported to v2.3.15.

An authenticated client can do the 'three way handshake' (P_HARD_RESET, P_HARD_RESET, P_CONTROL), where the P_CONTROL packet is the first that is allowed to carry payload. If that payload is too big, the OpenVPN server process will stop running due to an ASSERT() exception. That is also the reason why servers using tls-auth/tls-crypt are protected against this attack - the P_CONTROL packet is only accepted if it contains the session ID we specified, with a valid HMAC (challenge-response). (CVE-2017-7478)

An authenticated client can cause the server's the packet-id counter to roll over, which would lead the server process to hit an ASSERT() and stop running. To make the server hit the ASSERT(), the client must first cause the server to send it 2^32 packets (at least 196 GB).


Discovery 2017-05-10
Entry 2017-05-11
openvpn
lt 2.3.15

ge 2.4.0 lt 2.4.2

openvpn23
lt 2.3.15

openvpn-mbedtls
ge 2.4.0 lt 2.4.2

openvpn-polarssl
lt 2.3.15

openvpn23-polarssl
lt 2.3.15

https://openvpn.net/index.php/open-source/downloads.html
CVE-2017-7478
CVE-2017-7479
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
https://ostif.org/?p=870&preview=true
https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-2-fixes-critical-issues-discovered-openvpn-audit-reports/
9f65d382-56a4-11e7-83e3-080027ef73ecOpenVPN -- several vulnerabilities

Samuli Seppänen reports:

In May/June 2017 Guido Vranken threw a fuzzer at OpenVPN 2.4.2. In the process he found several vulnerabilities and reported them to the OpenVPN project. [...] The first releases to have these fixes are OpenVPN 2.4.3 and 2.3.17.

This is a list of fixed important vulnerabilities:

  • Remotely-triggerable ASSERT() on malformed IPv6 packet
  • Pre-authentication remote crash/information disclosure for clients
  • Potential double-free in --x509-alt-username
  • Remote-triggerable memory leaks
  • Post-authentication remote DoS when using the --x509-track option
  • Null-pointer dereference in establish_http_proxy_passthru()

Discovery 2017-05-19
Entry 2017-06-21
openvpn
lt 2.3.17

ge 2.4.0 lt 2.4.3

openvpn-mbedtls
lt 2.4.3

openvpn-polarssl
lt 2.3.17

https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
CVE-2017-7508
CVE-2017-7512
CVE-2017-7520
CVE-2017-7521
CVE-2017-7522
d1c39c8e-05ab-4739-870f-765490fa2052openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients

James Yonan reports:

If the client sends a packet which fails to decrypt on the server, the OpenSSL error queue is not properly flushed, which can result in another unrelated client instance on the server seeing the error and responding to it, resulting in disconnection of the unrelated client.


Discovery 2005-07-27
Entry 2005-08-19
openvpn
lt 2.0.1

CVE-2005-2532
http://openvpn.net/changelog.html
1986449a-8b74-40fa-b7cc-0d8def8aad65openvpn -- denial of service: malicious authenticated "tap" client can deplete server virtual memory

James Yonan reports:

A malicious [authenticated] client in "dev tap" ethernet bridging mode could theoretically flood the server with packets appearing to come from hundreds of thousands of different MAC addresses, causing the OpenVPN process to deplete system virtual memory as it expands its internal routing table.


Discovery 2005-07-27
Entry 2005-08-19
openvpn
lt 2.0.1

CVE-2005-2533
http://openvpn.net/changelog.html
d1c39c8e-05ab-4739-870f-765490fa2052openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients

James Yonan reports:

If the client sends a packet which fails to decrypt on the server, the OpenSSL error queue is not properly flushed, which can result in another unrelated client instance on the server seeing the error and responding to it, resulting in disconnection of the unrelated client.


Discovery 2005-07-27
Entry 2005-08-19
openvpn
lt 2.0.1

CVE-2005-2532
http://openvpn.net/changelog.html
1986449a-8b74-40fa-b7cc-0d8def8aad65openvpn -- denial of service: malicious authenticated "tap" client can deplete server virtual memory

James Yonan reports:

A malicious [authenticated] client in "dev tap" ethernet bridging mode could theoretically flood the server with packets appearing to come from hundreds of thousands of different MAC addresses, causing the OpenVPN process to deplete system virtual memory as it expands its internal routing table.


Discovery 2005-07-27
Entry 2005-08-19
openvpn
lt 2.0.1

CVE-2005-2533
http://openvpn.net/changelog.html
a51ad838-2077-48b2-a136-e888a7db5f8dopenvpn -- denial of service: client certificate validation can disconnect unrelated clients

James Yonan reports:

DoS attack against server when run with "verb 0" and without "tls-auth". If a client connection to the server fails certificate verification, the OpenSSL error queue is not properly flushed, which can result in another unrelated client instance on the server seeing the error and responding to it, resulting in disconnection of the unrelated client.


Discovery 2005-08-03
Entry 2005-08-19
openvpn
lt 2.0.1

CVE-2005-2531
http://openvpn.net/changelog.html