This CVE name corresponds to:
| Entered | Topic |
|---|---|
| 2005-08-19 | openvpn -- denial of service: client certificate validation can disconnect unrelated clients |
The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.
| Type | Candidate |
| Name | CVE-2005-2531 |
| Phase | Assigned(20050810) |
OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts.
| Source | Reference |
|---|---|
| DEBIAN | DSA-851 |
| MANDRIVA | MDKSA-2005:145 |
| CONFIRM | http://openvpn.net/changelog.html |
| SUSE | SUSE-SR:2005:020 |
| BID | 14605 |
| SECUNIA | 16463 |
| SECUNIA | 17103 |
Copyright © 2005 The MITRE Corporation.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright
information.