svn commit: r450788 - head/security/vuxml
Matthias Andree
mandree at FreeBSD.org
Wed Sep 27 21:13:25 UTC 2017
Author: mandree
Date: Wed Sep 27 21:13:23 2017
New Revision: 450788
URL: https://svnweb.freebsd.org/changeset/ports/450788
Log:
Document OpenVPN <2.4.4 CVE-2017-12166 legacy vuln.
Security: CVE-2017-12166
Security: 3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Sep 27 21:07:48 2017 (r450787)
+++ head/security/vuxml/vuln.xml Wed Sep 27 21:13:23 2017 (r450788)
@@ -58,6 +58,41 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8">
+ <topic>OpenVPN -- out-of-bounds write in legacy key-method 1</topic>
+ <affects>
+ <package>
+ <name>openvpn</name>
+ <range><ge>2.4.0</ge><lt>2.4.4</lt></range>
+ <range><lt>2.3.18</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Steffan Karger reports:</p>
+ <blockquote cite="https://community.openvpn.net/openvpn/wiki/CVE-2017-12166">
+ <p>The bounds check in read_key() was performed after using the value,
+ instead of before. If 'key-method 1' is used, this allowed an
+ attacker to send a malformed packet to trigger a stack buffer
+ overflow. [...]</p>
+ <p>Note that 'key-method 1' has been replaced by 'key method 2' as the
+ default in OpenVPN 2.0 (released on 2005-04-17), and explicitly
+ deprecated in 2.4 and marked for removal in 2.5. This should limit
+ the amount of users impacted by this issue.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://community.openvpn.net/openvpn/wiki/CVE-2017-12166</url>
+ <url>https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15492.html</url>
+ <cvename>CVE-2017-12166</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-21</discovery>
+ <entry>2017-09-27</entry>
+ </dates>
+ </vuln>
+
<vuln vid="16fb4f83-a2ab-11e7-9c14-009c02a2ab30">
<topic>ImageMagick -- denial of service via a crafted font file</topic>
<affects>
More information about the svn-ports-all
mailing list