svn commit: r450788 - head/security/vuxml

Matthias Andree mandree at FreeBSD.org
Wed Sep 27 21:13:25 UTC 2017


Author: mandree
Date: Wed Sep 27 21:13:23 2017
New Revision: 450788
URL: https://svnweb.freebsd.org/changeset/ports/450788

Log:
  Document OpenVPN <2.4.4 CVE-2017-12166 legacy vuln.
  
  Security:	CVE-2017-12166
  Security:	3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Sep 27 21:07:48 2017	(r450787)
+++ head/security/vuxml/vuln.xml	Wed Sep 27 21:13:23 2017	(r450788)
@@ -58,6 +58,41 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8">
+    <topic>OpenVPN -- out-of-bounds write in legacy key-method 1</topic>
+    <affects>
+      <package>
+	<name>openvpn</name>
+	<range><ge>2.4.0</ge><lt>2.4.4</lt></range>
+	<range><lt>2.3.18</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Steffan Karger reports:</p>
+	<blockquote cite="https://community.openvpn.net/openvpn/wiki/CVE-2017-12166">
+	  <p>The bounds check in read_key() was performed after using the value,
+	    instead of before. If 'key-method 1' is used, this allowed an
+	    attacker to send a malformed packet to trigger a stack buffer
+	    overflow. [...]</p>
+	  <p>Note that 'key-method 1' has been replaced by 'key method 2' as the
+	    default in OpenVPN 2.0 (released on 2005-04-17), and explicitly
+	    deprecated in 2.4 and marked for removal in 2.5. This should limit
+	    the amount of users impacted by this issue.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://community.openvpn.net/openvpn/wiki/CVE-2017-12166</url>
+      <url>https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15492.html</url>
+      <cvename>CVE-2017-12166</cvename>
+    </references>
+    <dates>
+      <discovery>2017-09-21</discovery>
+      <entry>2017-09-27</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="16fb4f83-a2ab-11e7-9c14-009c02a2ab30">
     <topic>ImageMagick -- denial of service via a crafted font file</topic>
     <affects>
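Review bot: the `<affects>` block of the new OpenVPN entry lists only the `openvpn` package, although the comment just above the `<vuxml>` element says "Do not forget port variants". If the ports tree carries other OpenVPN packages built from the same sources (an assumption to check, since none are visible in this hunk), add a `<name>` line for each so that audits of those packages match this entry too. It is also worth confirming against the upstream advisory cited in `<references>` that the open-ended `<lt>2.3.18</lt>` range really covers every earlier release, since the quoted text only ties the bug to configurations using 'key-method 1'.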

