FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenVPN -- denial of service security vulnerability

Affected packages
openvpn < 2.0.11
2.1.0 <= openvpn < 2.2.3
2.3.0 <= openvpn < 2.3.6

Details

VuXML ID 23ab5c3e-79c3-11e4-8b1e-d050992ecde8
Discovery 2014-12-01
Entry 2014-12-02

The OpenVPN project reports:

In late November 2014 Dragana Damjanovic notified OpenVPN developers of a critical denial of service security vulnerability (CVE-2014-8104). The vulnerability allows an tls-authenticated client to crash the server by sending a too-short control channel packet to the server. In other words this vulnerability is denial of service only.

References

CVE Name CVE-2014-8104
URL https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b