Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2531

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-2531
Last Modified 05 Sep 2008 04:52:00
Published 24 Aug 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2531

Summary

OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts.

Vulnerable Systems

Application

  • Openvpn 2.0

  • Openvpn 2.0 Beta1

  • Openvpn 2.0 Beta10

  • Openvpn 2.0 Beta11

  • Openvpn 2.0 Beta12

  • Openvpn 2.0 Beta13

  • Openvpn 2.0 Beta15

  • Openvpn 2.0 Beta16

  • Openvpn 2.0 Beta17

  • Openvpn 2.0 Beta18

  • Openvpn 2.0 Beta19

  • Openvpn 2.0 Beta2

  • Openvpn 2.0 Beta20

  • Openvpn 2.0 Beta28

  • Openvpn 2.0 Beta3

  • Openvpn 2.0 Beta4

  • Openvpn 2.0 Beta5

  • Openvpn 2.0 Beta6

  • Openvpn 2.0 Beta7

  • Openvpn 2.0 Beta8

  • Openvpn 2.0 Beta9

  • Openvpn 2.0 Rc1

  • Openvpn 2.0 Rc10

  • Openvpn 2.0 Rc11

  • Openvpn 2.0 Rc12

  • Openvpn 2.0 Rc13

  • Openvpn 2.0 Rc14

  • Openvpn 2.0 Rc15

  • Openvpn 2.0 Rc16

  • Openvpn 2.0 Rc17

  • Openvpn 2.0 Rc18

  • Openvpn 2.0 Rc19

  • Openvpn 2.0 Rc2

  • Openvpn 2.0 Rc20

  • Openvpn 2.0 Rc21

  • Openvpn 2.0 Rc3

  • Openvpn 2.0 Rc4

  • Openvpn 2.0 Rc5

  • Openvpn 2.0 Rc6

  • Openvpn 2.0 Rc7

  • Openvpn 2.0 Rc8

  • Openvpn 2.0 Rc9

  • Openvpn 2.0 Test1

  • Openvpn 2.0 Test10

  • Openvpn 2.0 Test11

  • Openvpn 2.0 Test12

  • Openvpn 2.0 Test14

  • Openvpn 2.0 Test15

  • Openvpn 2.0 Test16

  • Openvpn 2.0 Test17

  • Openvpn 2.0 Test18

  • Openvpn 2.0 Test19

  • Openvpn 2.0 Test2

  • Openvpn 2.0 Test20

  • Openvpn 2.0 Test21

  • Openvpn 2.0 Test22

  • Openvpn 2.0 Test23

  • Openvpn 2.0 Test24

  • Openvpn 2.0 Test26

  • Openvpn 2.0 Test27

  • Openvpn 2.0 Test29

  • Openvpn 2.0 Test3

  • Openvpn 2.0 Test5

  • Openvpn 2.0 Test6

  • Openvpn 2.0 Test7

  • Openvpn 2.0 Test8

  • Openvpn 2.0 Test9

  • Openvpn 2.0.1 Rc1

  • Openvpn 2.0.1 Rc2

  • Openvpn 2.0.1 Rc3

  • Openvpn 2.0.1 Rc4

  • Openvpn 2.0.1 Rc5

  • Openvpn 2.0.1 Rc6

  • Openvpn 2.0.1 Rc7


References

MANDRIVA - MDKSA-2005:145

BID - 14605

SUSE - SUSE-SR:2005:020

DEBIAN - DSA-851

SECUNIA - 17103

SECUNIA - 16463

CONFIRM - http://openvpn.net/changelog.html


Last Updated: 27 May 2016 10:40:33