CVE-2005-3409
CVSS 5.0
Published: 2005-11-01 19:02:00
Last revised: 2008-09-05 16:54:18

[Original] OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler.


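[CNNVD] OpenVPN TCP Mode Server Remote Denial of Service Vulnerability (CNNVD-200511-011)

        OpenVPN is a software package for creating encrypted virtual private network tunnels.
        When running in TCP mode, OpenVPN 2.x before 2.0.4 allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler.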

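- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]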

- CPE (Affected Platforms and Products)

cpe:/a:openvpn:openvpn:2.0_rc11
cpe:/a:openvpn:openvpn:2.0_rc14
cpe:/a:openvpn:openvpn:2.0_rc4
cpe:/a:openvpn:openvpn:2.0_test21
cpe:/a:openvpn:openvpn:2.0_test22
cpe:/a:openvpn:openvpn:2.0_beta19
cpe:/a:openvpn:openvpn:2.0_rc5
cpe:/a:openvpn:openvpn:2.0_test27
cpe:/a:openvpn:openvpn:2.0_beta28
cpe:/a:openvpn:openvpn:2.0_rc16
cpe:/a:openvpn:openvpn:2.0_test1
cpe:/a:openvpn:openvpn:2.0_rc15
cpe:/a:openvpn:openvpn:2.0_beta6
cpe:/a:openvpn:openvpn:2.0_beta18
cpe:/a:openvpn:openvpn:2.0_beta8
cpe:/a:openvpn:openvpn:2.0_beta13
cpe:/a:openvpn:openvpn:2.0_test11
cpe:/a:openvpn:openvpn:2.0_rc9
cpe:/a:openvpn:openvpn:2.0.1_rc2
cpe:/a:openvpn:openvpn:2.0_rc1
cpe:/a:openvpn:openvpn:2.0_test6
cpe:/a:openvpn:openvpn:2.0_beta9
cpe:/a:openvpn:openvpn:2.0.1_rc1
cpe:/a:openvpn:openvpn:2.0_rc12
cpe:/a:openvpn:openvpn:2.0_test5
cpe:/a:openvpn:openvpn:2.0_test9
cpe:/a:openvpn:openvpn:2.0_rc2
cpe:/a:openvpn:openvpn:2.0.1_rc3
cpe:/a:openvpn:openvpn:2.0_test3
cpe:/a:openvpn:openvpn:2.0_test10
cpe:/a:openvpn:openvpn:2.0_test20
cpe:/a:openvpn:openvpn:2.0.3_rc1
cpe:/a:openvpn:openvpn:2.0_test8
cpe:/a:openvpn:openvpn:2.0_rc6
cpe:/a:openvpn:openvpn:2.0_rc13
cpe:/a:openvpn:openvpn:2.0_beta16
cpe:/a:openvpn:openvpn:2.0_rc17
cpe:/a:openvpn:openvpn:2.0_rc10
cpe:/a:openvpn:openvpn:2.0_beta12
cpe:/a:openvpn:openvpn:2.0_test7
cpe:/a:openvpn:openvpn:2.0_beta20
cpe:/a:openvpn:openvpn:2.0.1_rc4
cpe:/a:openvpn:openvpn:2.0_beta7
cpe:/a:openvpn:openvpn:2.0_rc20
cpe:/a:openvpn:openvpn:2.0_test23
cpe:/a:openvpn:openvpn:2.0.1_rc6
cpe:/a:openvpn:openvpn:2.0_beta1
cpe:/a:openvpn:openvpn:2.0_test18
cpe:/a:openvpn:openvpn:2.0_rc21
cpe:/a:openvpn:openvpn:2.0_test17
cpe:/a:openvpn:openvpn:2.0_test14
cpe:/a:openvpn:openvpn:2.0_beta4
cpe:/a:openvpn:openvpn:2.0_rc19
cpe:/a:openvpn:openvpn:2.0_test2
cpe:/a:openvpn:openvpn:2.0_beta11
cpe:/a:openvpn:openvpn:2.0_rc8
cpe:/a:openvpn:openvpn:2.0_beta3
cpe:/a:openvpn:openvpn:2.0_beta15
cpe:/a:openvpn:openvpn:2.0_test15
cpe:/a:openvpn:openvpn:2.0_test29
cpe:/a:openvpn:openvpn:2.0_beta5
cpe:/a:openvpn:openvpn:2.0
cpe:/a:openvpn:openvpn:2.0_test26
cpe:/a:openvpn:openvpn:2.0_beta10
cpe:/a:openvpn:openvpn:2.0_test24
cpe:/a:openvpn:openvpn:2.0_test16
cpe:/a:openvpn:openvpn:2.0_rc18
cpe:/a:openvpn:openvpn:2.0_beta17
cpe:/a:openvpn:openvpn:2.0.2_rc1
cpe:/a:openvpn:openvpn:2.0_test12
cpe:/a:openvpn:openvpn:2.0_test19
cpe:/a:openvpn:openvpn:2.0.1_rc5
cpe:/a:openvpn:openvpn:2.0.1_rc7
cpe:/a:openvpn:openvpn:2.0_rc7
cpe:/a:openvpn:openvpn:2.0_beta2
cpe:/a:openvpn:openvpn:2.0.1
cpe:/a:openvpn:openvpn:2.0_rc3
cpe:/a:openvpn:openvpn:2.0.2

- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3409
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3409
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200511-011
(Official data source) CNNVD

- Other Links and Resources

http://secunia.com/advisories/17376
(VENDOR_ADVISORY)  SECUNIA  17376
http://www.securityfocus.com/bid/15270
(UNKNOWN)  BID  15270
http://www.securityfocus.com/archive/1/archive/1/415487
(UNKNOWN)  OPENPKG  OpenPKG-SA-2005.023
http://openvpn.net/changelog.html
(UNKNOWN)  CONFIRM  http://openvpn.net/changelog.html
http://www.osvdb.org/20416
(UNKNOWN)  OSVDB  20416
http://www.novell.com/linux/security/advisories/2005_25_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:025
http://www.gentoo.org/security/en/glsa/glsa-200511-07.xml
(UNKNOWN)  GENTOO  GLSA-200511-07
http://www.debian.org/security/2005/dsa-885
(UNKNOWN)  DEBIAN  DSA-885
http://secunia.com/advisories/17480
(UNKNOWN)  SECUNIA  17480
http://secunia.com/advisories/17452
(UNKNOWN)  SECUNIA  17452
http://secunia.com/advisories/17447
(UNKNOWN)  SECUNIA  17447

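- Vulnerability Information

OpenVPN TCP Mode Server Remote Denial of Service Vulnerability
Medium severity  Other
2005-11-01 00:00:00 2005-11-15 00:00:00
Remote
        OpenVPN is a software package for creating encrypted virtual private network tunnels.
        When running in TCP mode, OpenVPN 2.x before 2.0.4 allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler.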

- Advisories and Patches

        The vendor has released version 2.0.4 to address this issue; see the references section for more information.
        OpenVPN OpenVPN 2.0
        OpenVPN OpenVPN 2.0.4
        http://openvpn.net/download.html#stable
        OpenVPN OpenVPN 2.0 beta11
        OpenVPN OpenVPN 2.0.4
        http://openvpn.net/download.html#stable
        OpenVPN OpenVPN 2.0.1
        OpenVPN OpenVPN 2.0.4
        http://openvpn.net/download.html#stable
        OpenVPN OpenVPN 2.0.2
        OpenVPN OpenVPN 2.0.4
        http://openvpn.net/download.html#stable

- Vulnerability Information

20416
OpenVPN TCP Mode accept() Function Failure NULL Dereference DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Unknown Vendor Verified

- Vulnerability Description

OpenVPN contains a flaw that may allow a remote denial of service. The issue is triggered when handling specially crafted TCP packets, and will result in loss of availability for the service by a NULL dereference (coredump) in the OpenVPN daemon.

- Timeline

2005-11-01 Unknown
Unknown Unknown

- Solution

Upgrade to version 2.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

OpenVPN Server Remote Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 15270
Yes No
2005-11-01 12:00:00 2006-03-24 06:14:00
The vendor disclosed this vulnerability.

- Affected Program Versions

S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
OpenVPN OpenVPN 2.0.2
OpenVPN OpenVPN 2.0.1
OpenVPN OpenVPN 2.0 beta11
OpenVPN OpenVPN 2.0
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
OpenPKG OpenPKG 2.5
OpenPKG OpenPKG 2.4
OpenPKG OpenPKG 2.3
OpenPKG OpenPKG Current
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
MandrakeSoft Multi Network Firewall 2.0
Gentoo Linux
OpenVPN OpenVPN 2.0.4

- Unaffected Program Versions

OpenVPN OpenVPN 2.0.4

- Vulnerability Discussion

OpenVPN server is prone to a remote denial-of-service vulnerability. Due to a design error, the server won't be able to handle exceptional conditions while running in TCP mode.

This issue affects all OpenVPN 2.0 versions; the vendor has released version 2.0.4 to address this issue.

- Exploit

No exploit is required.

- Solution

The vendor has released version 2.0.4 to address this issue; please see the reference section for more information.


OpenVPN OpenVPN 2.0

OpenVPN OpenVPN 2.0 beta11

OpenVPN OpenVPN 2.0.1

OpenVPN OpenVPN 2.0.2

OpenPKG OpenPKG 2.5

- Related References

 

 
