Vulnerabilities > CVE-2005-2532 - Denial Of Service vulnerability in OpenVPN Packet Decryption Failure
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted.
Vulnerable Configurations
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_D1C39C8E05AB4739870F765490FA2052.NASL description James Yonan reports : If the client sends a packet which fails to decrypt on the server, the OpenSSL error queue is not properly flushed, which can result in another unrelated client instance on the server seeing the error and responding to it, resulting in disconnection of the unrelated client. last seen 2020-06-01 modified 2020-06-02 plugin id 21513 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21513 title FreeBSD : openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients (d1c39c8e-05ab-4739-870f-765490fa2052) NASL family Windows NASL id OPENVPN_2_0_1.NASL description According to its self-reported version number, the version of OpenVPN installed on the remote Windows host is prior to 2.0.1. It is, therefore, affected by multiple vulnerabilities: - A denial of service (DoS) vulnerability exists in OpenVPN due to its OpenSSL error queue not being flushed properly. An unauthenticated, remote attacker can exploit this issue, by sending a large number of incorrect connection requests, to cause the application to stop responding (CVE-2005-2531) & (CVE-2005-2532). - OpenVPN is affected by a denial of service (DoS) vulnerability. An authenticated, remote attacker can exploit this issue, by sending a large of number of packets with spoofed MAC addresses, to cause the application to stop responding (CVE-2005-2533). - A denial of service (DoS) vulnerability exists in OpenVPN when --duplicate-cn is not enabled. An unauthenticated, remote attacker can exploit this issue, by issuing simultaneous tcp connections from multiple clients that use the same certificate, to cause the application to stop responding (CVE-2005-2534). last seen 2020-06-01 modified 2020-06-02 plugin id 125261 published 2019-05-17 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125261 title OpenVPN < 2.0.1 Multiple Vulnerabilities (Windows) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-851.NASL description Several security related problems have been discovered in openvpn, a Virtual Private Network daemon. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2531 Wrong processing of failed certificate authentication when running with last seen 2020-06-01 modified 2020-06-02 plugin id 19959 published 2005-10-11 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19959 title Debian DSA-851-1 : openvpn - programming errors