5

CVE-2005-2531

OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenvpnOpenvpn Version2.0
OpenvpnOpenvpn Version2.0.1_rc1
OpenvpnOpenvpn Version2.0.1_rc2
OpenvpnOpenvpn Version2.0.1_rc3
OpenvpnOpenvpn Version2.0.1_rc4
OpenvpnOpenvpn Version2.0.1_rc5
OpenvpnOpenvpn Version2.0.1_rc6
OpenvpnOpenvpn Version2.0.1_rc7
OpenvpnOpenvpn Version2.0_beta1
OpenvpnOpenvpn Version2.0_beta2
OpenvpnOpenvpn Version2.0_beta3
OpenvpnOpenvpn Version2.0_beta4
OpenvpnOpenvpn Version2.0_beta5
OpenvpnOpenvpn Version2.0_beta6
OpenvpnOpenvpn Version2.0_beta7
OpenvpnOpenvpn Version2.0_beta8
OpenvpnOpenvpn Version2.0_beta9
OpenvpnOpenvpn Version2.0_beta10
OpenvpnOpenvpn Version2.0_beta11
OpenvpnOpenvpn Version2.0_beta12
OpenvpnOpenvpn Version2.0_beta13
OpenvpnOpenvpn Version2.0_beta15
OpenvpnOpenvpn Version2.0_beta16
OpenvpnOpenvpn Version2.0_beta17
OpenvpnOpenvpn Version2.0_beta18
OpenvpnOpenvpn Version2.0_beta19
OpenvpnOpenvpn Version2.0_beta20
OpenvpnOpenvpn Version2.0_beta28
OpenvpnOpenvpn Version2.0_rc1
OpenvpnOpenvpn Version2.0_rc2
OpenvpnOpenvpn Version2.0_rc3
OpenvpnOpenvpn Version2.0_rc4
OpenvpnOpenvpn Version2.0_rc5
OpenvpnOpenvpn Version2.0_rc6
OpenvpnOpenvpn Version2.0_rc7
OpenvpnOpenvpn Version2.0_rc8
OpenvpnOpenvpn Version2.0_rc9
OpenvpnOpenvpn Version2.0_rc10
OpenvpnOpenvpn Version2.0_rc11
OpenvpnOpenvpn Version2.0_rc12
OpenvpnOpenvpn Version2.0_rc13
OpenvpnOpenvpn Version2.0_rc14
OpenvpnOpenvpn Version2.0_rc15
OpenvpnOpenvpn Version2.0_rc16
OpenvpnOpenvpn Version2.0_rc17
OpenvpnOpenvpn Version2.0_rc18
OpenvpnOpenvpn Version2.0_rc19
OpenvpnOpenvpn Version2.0_rc20
OpenvpnOpenvpn Version2.0_rc21
OpenvpnOpenvpn Version2.0_test1
OpenvpnOpenvpn Version2.0_test2
OpenvpnOpenvpn Version2.0_test3
OpenvpnOpenvpn Version2.0_test5
OpenvpnOpenvpn Version2.0_test6
OpenvpnOpenvpn Version2.0_test7
OpenvpnOpenvpn Version2.0_test8
OpenvpnOpenvpn Version2.0_test9
OpenvpnOpenvpn Version2.0_test10
OpenvpnOpenvpn Version2.0_test11
OpenvpnOpenvpn Version2.0_test12
OpenvpnOpenvpn Version2.0_test14
OpenvpnOpenvpn Version2.0_test15
OpenvpnOpenvpn Version2.0_test16
OpenvpnOpenvpn Version2.0_test17
OpenvpnOpenvpn Version2.0_test18
OpenvpnOpenvpn Version2.0_test19
OpenvpnOpenvpn Version2.0_test20
OpenvpnOpenvpn Version2.0_test21
OpenvpnOpenvpn Version2.0_test22
OpenvpnOpenvpn Version2.0_test23
OpenvpnOpenvpn Version2.0_test24
OpenvpnOpenvpn Version2.0_test26
OpenvpnOpenvpn Version2.0_test27
OpenvpnOpenvpn Version2.0_test29
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.97% 0.778
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.novell.com/linux/security/advisories/2005_20_sr.html
http://openvpn.net/changelog.html
http://secunia.com/advisories/16463
http://secunia.com/advisories/17103
http://www.debian.org/security/2005/dsa-851
http://www.mandriva.com/security/advisories?name=MDKSA-2005:145
Patch
Vendor Advisory
http://www.securityfocus.com/bid/14605