CVE-2005-2532

Properties

Published:
23.08.2005
Updated:
20.10.2005
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:N/I:N/A:C/B:N) Approximated
    Product:
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN

    Vulnerability description

    OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted.

    References:

    MANDRAKE: http://www.mandriva.com/security/advisories?name=MDKSA-2005:145
    DEBIAN: http://www.debian.org/security/2005/dsa-851
    http://openvpn.net/changelog.html: http://openvpn.net/changelog.html
    SECUNIA: http://secunia.com/advisories/16463
    SECUNIA: http://secunia.com/advisories/17103