Описание
OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 2.0.6-1 |
| devel | released | 2.0.6-1 |
| edgy | released | 2.0.6-1 |
| feisty | released | 2.0.6-1 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
5 Medium
CVSS2
Связанные уязвимости
OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts.
OpenVPN before 2.0.1, when running with "verb 0" and without TLS authe ...
OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts.
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации
5 Medium
CVSS2