OpenVPN 2.x prior to 2.0.11, 2.1.x, 2.2.x prior to 2.2.3, and 2.3.x prior to 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mageia mageia 4.0 |
||
debian debian linux 7.0 |
||
debian debian linux 8.0 |
||
opensuse opensuse 13.1 |
||
opensuse opensuse 13.2 |
||
opensuse opensuse 12.3 |
||
openvpn openvpn 2.0_test1 |
||
openvpn openvpn 2.0_test11 |
||
openvpn openvpn 2.0_test19 |
||
openvpn openvpn 2.0_test20 |
||
openvpn openvpn 2.0_test27 |
||
openvpn openvpn 2.0_test29 |
||
openvpn openvpn 2.0_test7 |
||
openvpn openvpn 2.0_test9 |
||
openvpn openvpn 2.0_rc15 |
||
openvpn openvpn 2.0_rc17 |
||
openvpn openvpn 2.0_rc4 |
||
openvpn openvpn 2.0_rc6 |
||
openvpn openvpn 2.0.1_rc1 |
||
openvpn openvpn 2.0.1_rc3 |
||
openvpn openvpn 2.0.1_rc5 |
||
openvpn openvpn access server 2.0.3 |
||
openvpn openvpn 2.0.4 |
||
openvpn openvpn access server 2.0.10 |
||
openvpn openvpn 2.1 |
||
openvpn openvpn 2.1.2 |
||
openvpn openvpn 2.1.4 |
||
openvpn openvpn 2.2 |
||
openvpn openvpn 2.3.0 |
||
openvpn openvpn 2.3 |
||
openvpn openvpn access server 2.0.0 |
||
openvpn openvpn 2.0_test22 |
||
openvpn openvpn 2.0_test23 |
||
openvpn openvpn 2.0_test24 |
||
openvpn openvpn 2.0_test25 |
||
openvpn openvpn 2.0_rc10 |
||
openvpn openvpn 2.0_rc11 |
||
openvpn openvpn 2.0_rc12 |
||
openvpn openvpn 2.0_rc13 |
||
openvpn openvpn 2.0_rc14 |
||
openvpn openvpn 2.0_rc7 |
||
openvpn openvpn 2.0_rc8 |
||
openvpn openvpn 2.0_rc9 |
||
openvpn openvpn access server 2.0.1 |
||
openvpn openvpn access server 2.0.6 |
||
openvpn openvpn 2.0.6_rc1 |
||
openvpn openvpn access server 2.0.7 |
||
openvpn openvpn access server 2.0.8 |
||
openvpn openvpn 2.2.1 |
||
openvpn openvpn 2.2.2 |
||
openvpn openvpn 2.0_test14 |
||
openvpn openvpn 2.0_test15 |
||
openvpn openvpn 2.0_test16 |
||
openvpn openvpn 2.0_test17 |
||
openvpn openvpn 2.0_test18 |
||
openvpn openvpn 2.0_test3 |
||
openvpn openvpn 2.0_test4 |
||
openvpn openvpn 2.0_test5 |
||
openvpn openvpn 2.0_test6 |
||
openvpn openvpn 2.0_rc19 |
||
openvpn openvpn 2.0_rc2 |
||
openvpn openvpn 2.0_rc20 |
||
openvpn openvpn 2.0_rc21 |
||
openvpn openvpn 2.0.1_rc6 |
||
openvpn openvpn 2.0.1_rc7 |
||
openvpn openvpn access server 2.0.2 |
||
openvpn openvpn 2.0.2_rc1 |
||
openvpn openvpn 2.1.1 |
||
openvpn openvpn 2.3.1 |
||
openvpn openvpn 2.3.2 |
||
openvpn openvpn 2.3.3 |
||
openvpn openvpn 2.3.4 |
||
openvpn openvpn 2.3.5 |
||
openvpn openvpn 2.0_test10 |
||
openvpn openvpn 2.0_test12 |
||
openvpn openvpn 2.0_test2 |
||
openvpn openvpn 2.0_test21 |
||
openvpn openvpn 2.0_test26 |
||
openvpn openvpn 2.0_test28 |
||
openvpn openvpn 2.0_test8 |
||
openvpn openvpn 2.0_rc1 |
||
openvpn openvpn 2.0_rc16 |
||
openvpn openvpn 2.0_rc18 |
||
openvpn openvpn 2.0_rc3 |
||
openvpn openvpn 2.0_rc5 |
||
openvpn openvpn 2.0.1_rc2 |
||
openvpn openvpn 2.0.1_rc4 |
||
openvpn openvpn 2.0.3_rc1 |
||
openvpn openvpn access server 2.0.5 |
||
openvpn openvpn 2.0.9 |
||
openvpn openvpn 2.1.0 |
||
openvpn openvpn 2.1.3 |
||
openvpn openvpn 2.2.0 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 14.10 |
||
canonical ubuntu linux 12.04 |
VPN providers patch! Everyone else relax.
OpenVPN has patched a denial-of-service vulnerability which authenticated users could trigger by sending malicious packets. The flaw (CVE-2014-8104) is most hurtful to VPN service providers and was reported by researcher Dragana Damjanovic to OpenVPN last month. Maintainers said in an advisory issued this morning that the flaw affected versions back to at least 2005 and allowed TLS-authenticated clients to crash the server by sending a too-short control channel packet to the server. "In other wo...