CVE-2005-2534

Properties

Published:
23.08.2005
Updated:
20.10.2005
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:N/I:N/A:C/B:N) Approximated
    Product:
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN
    OpenVPN: OpenVPN

    Vulnerability description

    Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate.

    References:

    MANDRAKE: http://www.mandriva.com/security/advisories?name=MDKSA-2005:145
    DEBIAN: http://www.debian.org/security/2005/dsa-851
    http://openvpn.net/changelog.html: http://openvpn.net/changelog.html
    SECUNIA: http://secunia.com/advisories/16463
    SECUNIA: http://secunia.com/advisories/17103