Download
| Alert*
|
oval:org.secpod.oval:def:104900
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer"s LZO library for compre ... oval:org.secpod.oval:def:104899 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer"s LZO library for compre ... oval:org.secpod.oval:def:1600244 The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. oval:org.secpod.oval:def:1300197 Updated openvpn package fixes security vulnerability: OpenVPN 2.3.0 and earlier running in UDP mode are subject to chosen ciphertext injection due to a non-constant-time HMAC comparison function. Plaintext recovery may be possible using a padding oracle attack on the CBC mode cipher implementation o ... oval:org.secpod.oval:def:16230 The host is installed with OpenVPN 2.3.0 and earlier are prone to information disclosure vulnerability. The flaw is present in the application, which fails to properly handle the openvpn_decrypt function in crypto.c. Successful exploitation allows remote attackers to cause timing attack involving an ... oval:org.secpod.oval:def:702249 openvpn: virtual private network software OpenVPN could be made to expose sensitive information over the network. |
