openvpn software vulnerabilities
vulnerabilities.aspcode.net
Searching openvpn software vulnerabilities
OpenVPN before 2.0.1, when running with "verb 0
OpenVPN
|
before
|
OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts.
OpenVPN before 2.0.1 does not properly flush th
OpenVPN
|
before
|
OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted.
OpenVPN before 2.0.1, when running in "dev tap"
OpenVPN
|
before
|
OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses.
Race condition in OpenVPN before 2.0.1, when --
condition
|
OpenVPN
|
before
|
Race
|
Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate.
Format string vulnerability in the foreign_opti
foreign_option
|
vulnerability
|
dhcp-option
|
specifiers
|
arbitrary
|
optionsc
|
function
|
clients
|
execute
|
OpenVPN
|
command
|
option
|
allows
|
string
|
Format
|
remote
|
code
|
push
|
via
|
20x
|
Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option.
OpenVPN 2.x before 2.0.4, when running in TCP m
OpenVPN
|
before
|
OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler.
OpenVPN 2.0.7 and earlier, when configured to u
OpenVPN
|
OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.
Software vulnerabilities results 1 to 8 of 8
Page:
1