OpenVPN Patches Remotely Exploitable Vulnerabilities

OpenVPN this week patched several vulnerabilities impacting various branches, including flaws that could be exploited remotely.

Four of the bugs were found by researcher Guido Vranken through fuzzing, after recent audits found a single severe bug in OpenVPN. While analyzing OpenVPN 2.4.2, the researcher found and reported four security issues that were addressed in the OpenVPN 2.4.3 and OpenVPN 2.3.17 releases this week.

The most important of the four issues is a Remotely-triggerable ASSERT() on malformed IPv6 packet bug that can be exploited to remotely shutdown an OpenVPN server or client. Tracked as CVE-2017-7508, the bug can be triggered if IPv6 and –mssfix are enabled and only if the IPv6 networks used inside the VPN are known.

Tracked as CVE-2017-7521, a second vulnerability involves remote-triggerable memory leaks. The issue is that the code doesn’t free all allocated memory when using the –x509-alt-username option on OpenSSL builds with an extension (argument prefixed with “ext:”).

“Several of our OpenSSL-specific certificate-parsing code paths did not always clear all allocated memory. Since a client can cause a few bytes of memory to be leaked for each connection attempt, a client can cause a server to run out of memory and thereby kill the server. That makes this a (quite inefficient) DoS attack,” OpenVPN explains in an advisory.

The third vulnerability Guido Vranken discovered was a potential double-free in –x509-alt-username, tracked as…

Lire la suite (en anglais)

N'oubliez pas de voter pour cet article !
1 étoile2 étoiles3 étoiles4 étoiles5 étoiles (No Ratings Yet)

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Font Resize
Aller à la barre d’outils