Vulnerabilities > CVE-2005-2531 - Denial Of Service vulnerability in OpenVPN Failed Authentication
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts.
Vulnerable Configurations
Nessus
NASL family Windows NASL id OPENVPN_2_0_1.NASL description According to its self-reported version number, the version of OpenVPN installed on the remote Windows host is prior to 2.0.1. It is, therefore, affected by multiple vulnerabilities: - A denial of service (DoS) vulnerability exists in OpenVPN due to its OpenSSL error queue not being flushed properly. An unauthenticated, remote attacker can exploit this issue, by sending a large number of incorrect connection requests, to cause the application to stop responding (CVE-2005-2531) & (CVE-2005-2532). - OpenVPN is affected by a denial of service (DoS) vulnerability. An authenticated, remote attacker can exploit this issue, by sending a large of number of packets with spoofed MAC addresses, to cause the application to stop responding (CVE-2005-2533). - A denial of service (DoS) vulnerability exists in OpenVPN when --duplicate-cn is not enabled. An unauthenticated, remote attacker can exploit this issue, by issuing simultaneous tcp connections from multiple clients that use the same certificate, to cause the application to stop responding (CVE-2005-2534). last seen 2020-06-01 modified 2020-06-02 plugin id 125261 published 2019-05-17 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125261 title OpenVPN < 2.0.1 Multiple Vulnerabilities (Windows) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-851.NASL description Several security related problems have been discovered in openvpn, a Virtual Private Network daemon. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2531 Wrong processing of failed certificate authentication when running with last seen 2020-06-01 modified 2020-06-02 plugin id 19959 published 2005-10-11 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19959 title Debian DSA-851-1 : openvpn - programming errors NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_A51AD838207748B2A136E888A7DB5F8D.NASL description James Yonan reports : DoS attack against server when run with last seen 2020-06-01 modified 2020-06-02 plugin id 21488 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21488 title FreeBSD : openvpn -- denial of service: client certificate validation can disconnect unrelated clients (a51ad838-2077-48b2-a136-e888a7db5f8d)
References
- http://openvpn.net/changelog.html
- http://secunia.com/advisories/16463
- http://secunia.com/advisories/17103
- http://www.debian.org/security/2005/dsa-851
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:145
- http://www.novell.com/linux/security/advisories/2005_20_sr.html
- http://www.securityfocus.com/bid/14605