Date: Thu, 11 May 2017 20:27:59 +0000 (UTC)
From: Matthias Andree <mandree@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r440653 - head/security/vuxml
Message-ID: <201705112027.v4BKRxVu019782@repo.freebsd.org>
Author: mandree
Date: Thu May 11 20:27:59 2017
New Revision: 440653
URL: https://svnweb.freebsd.org/changeset/ports/440653

Log:
  Add openvpn < 2.3.15/< 2.4.2 DoS vuln.

  https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits

  Reported by: Samuli Seppänen
  Security: 04cc7bd2-3686-11e7-aa64-080027ef73ec
  Security: CVE-2017-7478
  Security: CVE-2017-7479

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
============================================================================== --- head/security/vuxml/vuln.xml Thu May 11 20:21:48 2017 (r440652) +++ head/security/vuxml/vuln.xml Thu May 11 20:27:59 2017 (r440653) 
@@ -58,6 +58,70 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="04cc7bd2-3686-11e7-aa64-080027ef73ec"> + <topic>OpenVPN -- two remote denial-of-service vulnerabilities</topic> + <affects> + <package> + <name>openvpn</name> + <range><lt>2.3.15</lt></range> + <range><ge>2.4.0</ge><lt>2.4.2</lt></range> + </package> + <package> + <name>openvpn23</name> + <range><lt>2.3.15</lt></range> + </package> + <package> + <name>openvpn-mbedtls</name> + <range><ge>2.4.0</ge><lt>2.4.2</lt></range> + </package> + <package> + <name>openvpn-polarssl</name> + <range><lt>2.3.15</lt></range> + </package> + <package> + <name>openvpn23-polarssl</name> + <range><lt>2.3.15</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Samuli Seppänen reports:</p> + <blockquote cite="https://openvpn.net/index.php/open-source/downloads.html"> + <p>OpenVPN v2.4.0 was audited for security vulnerabilities independently by + Quarkslabs (funded by OSTIF) and Cryptography Engineering (funded by + Private Internet Access) between December 2016 and April 2017. The + primary findings were two remote denial-of-service vulnerabilities. + Fixes to them have been backported to v2.3.15.</p> + <p>An authenticated client can do the 'three way handshake' + (P_HARD_RESET, P_HARD_RESET, P_CONTROL), where the P_CONTROL packet + is the first that is allowed to carry payload. If that payload is + too big, the OpenVPN server process will stop running due to an + ASSERT() exception. That is also the reason why servers using + tls-auth/tls-crypt are protected against this attack - the P_CONTROL + packet is only accepted if it contains the session ID we specified, + with a valid HMAC (challenge-response). 
(CVE-2017-7478)</p> + <p>An authenticated client can cause the server's the packet-id + counter to roll over, which would lead the server process to hit an + ASSERT() and stop running. To make the server hit the ASSERT(), the + client must first cause the server to send it 2^32 packets (at least + 196 GB).</p> + </blockquote> + </body> + </description> + <references> + <url>https://openvpn.net/index.php/open-source/downloads.html</url> + <cvename>CVE-2017-7478</cvename> + <cvename>CVE-2017-7479</cvename> + <url>https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits</url> + <url>https://ostif.org/?p=870&preview=true</url> + <url>https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-2-fixes-critical-issues-discovered-openvpn-audit-reports/</url> + </references> + <dates> + <discovery>2017-05-10</discovery> + <entry>2017-05-11</entry> + </dates> + </vuln> + <vuln vid="414c18bf-3653-11e7-9550-6cc21735f730"> <topic>PostgreSQL vulnerabilities</topic> <affects>
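Review bot: in the <references> block, the URL https://ostif.org/?p=870&preview=true is a post-preview link (note the preview=true parameter) rather than a published permalink, so it is unlikely to remain a usable reference for readers of the advisory. Replace it with the published address of the OSTIF post, and make sure the ampersand in any query string is written as &amp; in vuln.xml so the file stays well-formed. In the <description>, the first quoted paragraph ends with (CVE-2017-7478), but the packet-id rollover paragraph carries no matching (CVE-2017-7479) marker, so the text alone does not say which CVE maps to which issue. A short sentence outside the <blockquote> naming CVE-2017-7479 for the rollover case would fix that without altering the quoted report.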