svn commit: r440653 - head/security/vuxml
Matthias Andree
mandree at FreeBSD.org
Thu May 11 20:28:00 UTC 2017
Author: mandree
Date: Thu May 11 20:27:59 2017
New Revision: 440653
URL: https://svnweb.freebsd.org/changeset/ports/440653
Log:
Add openvpn < 2.3.15/< 2.4.2 DoS vuln.
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
Reported by: Samuli Seppänen
Security: 04cc7bd2-3686-11e7-aa64-080027ef73ec
Security: CVE-2017-7478
Security: CVE-2017-7479
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu May 11 20:21:48 2017 (r440652)
+++ head/security/vuxml/vuln.xml Thu May 11 20:27:59 2017 (r440653)
@@ -58,6 +58,70 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="04cc7bd2-3686-11e7-aa64-080027ef73ec">
+ <topic>OpenVPN -- two remote denial-of-service vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>openvpn</name>
+ <range><lt>2.3.15</lt></range>
+ <range><ge>2.4.0</ge><lt>2.4.2</lt></range>
+ </package>
+ <package>
+ <name>openvpn23</name>
+ <range><lt>2.3.15</lt></range>
+ </package>
+ <package>
+ <name>openvpn-mbedtls</name>
+ <range><ge>2.4.0</ge><lt>2.4.2</lt></range>
+ </package>
+ <package>
+ <name>openvpn-polarssl</name>
+ <range><lt>2.3.15</lt></range>
+ </package>
+ <package>
+ <name>openvpn23-polarssl</name>
+ <range><lt>2.3.15</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Samuli Seppänen reports:</p>
+ <blockquote cite="https://openvpn.net/index.php/open-source/downloads.html">
+ <p>OpenVPN v2.4.0 was audited for security vulnerabilities independently by
+ Quarkslabs (funded by OSTIF) and Cryptography Engineering (funded by
+ Private Internet Access) between December 2016 and April 2017. The
+ primary findings were two remote denial-of-service vulnerabilities.
+ Fixes to them have been backported to v2.3.15.</p>
+ <p>An authenticated client can do the 'three way handshake'
+ (P_HARD_RESET, P_HARD_RESET, P_CONTROL), where the P_CONTROL packet
+ is the first that is allowed to carry payload. If that payload is
+ too big, the OpenVPN server process will stop running due to an
+ ASSERT() exception. That is also the reason why servers using
+ tls-auth/tls-crypt are protected against this attack - the P_CONTROL
+ packet is only accepted if it contains the session ID we specified,
+ with a valid HMAC (challenge-response). (CVE-2017-7478)</p>
+ <p>An authenticated client can cause the server's the packet-id
+ counter to roll over, which would lead the server process to hit an
+ ASSERT() and stop running. To make the server hit the ASSERT(), the
+ client must first cause the server to send it 2^32 packets (at least
+ 196 GB).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://openvpn.net/index.php/open-source/downloads.html</url>
+ <cvename>CVE-2017-7478</cvename>
+ <cvename>CVE-2017-7479</cvename>
+ <url>https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits</url>
+ <url>https://ostif.org/?p=870&preview=true</url>
+ <url>https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-2-fixes-critical-issues-discovered-openvpn-audit-reports/</url>
+ </references>
+ <dates>
+ <discovery>2017-05-10</discovery>
+ <entry>2017-05-11</entry>
+ </dates>
+ </vuln>
+
<vuln vid="414c18bf-3653-11e7-9550-6cc21735f730">
<topic>PostgreSQL vulnerabilities</topic>
<affects>
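Review bot: The new <references> entry "<url>https://ostif.org/?p=870&preview=true</url>" carries a bare "&", which is not well-formed XML as shown here and should be written "&amp;". The "preview=true" query also looks like a draft-preview link, so a permanent URL would be preferable if one exists. In the description, the first quoted paragraph ends with "(CVE-2017-7478)" but the second one (packet-id roll over) carries no identifier; appending "(CVE-2017-7479)" there would tie each issue to its CVE. The same paragraph reads "the server's the packet-id counter", which is worth checking against the upstream wording before it is quoted verbatim.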