CVE Vulnerabilities

CVE-2005-2531

Published: Aug 24, 2005 | Modified: Sep 05, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

OpenVPN before 2.0.1, when running with verb 0 and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts.

Affected Software

Name Vendor Start Version End Version
Openvpn Openvpn 2.0 (including) 2.0 (including)
Openvpn Openvpn 2.0.1_rc1 (including) 2.0.1_rc1 (including)
Openvpn Openvpn 2.0.1_rc2 (including) 2.0.1_rc2 (including)
Openvpn Openvpn 2.0.1_rc3 (including) 2.0.1_rc3 (including)
Openvpn Openvpn 2.0.1_rc4 (including) 2.0.1_rc4 (including)
Openvpn Openvpn 2.0.1_rc5 (including) 2.0.1_rc5 (including)
Openvpn Openvpn 2.0.1_rc6 (including) 2.0.1_rc6 (including)
Openvpn Openvpn 2.0.1_rc7 (including) 2.0.1_rc7 (including)
Openvpn Openvpn 2.0_beta1 (including) 2.0_beta1 (including)
Openvpn Openvpn 2.0_beta2 (including) 2.0_beta2 (including)
Openvpn Openvpn 2.0_beta3 (including) 2.0_beta3 (including)
Openvpn Openvpn 2.0_beta4 (including) 2.0_beta4 (including)
Openvpn Openvpn 2.0_beta5 (including) 2.0_beta5 (including)
Openvpn Openvpn 2.0_beta6 (including) 2.0_beta6 (including)
Openvpn Openvpn 2.0_beta7 (including) 2.0_beta7 (including)
Openvpn Openvpn 2.0_beta8 (including) 2.0_beta8 (including)
Openvpn Openvpn 2.0_beta9 (including) 2.0_beta9 (including)
Openvpn Openvpn 2.0_beta10 (including) 2.0_beta10 (including)
Openvpn Openvpn 2.0_beta11 (including) 2.0_beta11 (including)
Openvpn Openvpn 2.0_beta12 (including) 2.0_beta12 (including)
Openvpn Openvpn 2.0_beta13 (including) 2.0_beta13 (including)
Openvpn Openvpn 2.0_beta15 (including) 2.0_beta15 (including)
Openvpn Openvpn 2.0_beta16 (including) 2.0_beta16 (including)
Openvpn Openvpn 2.0_beta17 (including) 2.0_beta17 (including)
Openvpn Openvpn 2.0_beta18 (including) 2.0_beta18 (including)
Openvpn Openvpn 2.0_beta19 (including) 2.0_beta19 (including)
Openvpn Openvpn 2.0_beta20 (including) 2.0_beta20 (including)
Openvpn Openvpn 2.0_beta28 (including) 2.0_beta28 (including)
Openvpn Openvpn 2.0_rc1 (including) 2.0_rc1 (including)
Openvpn Openvpn 2.0_rc2 (including) 2.0_rc2 (including)
Openvpn Openvpn 2.0_rc3 (including) 2.0_rc3 (including)
Openvpn Openvpn 2.0_rc4 (including) 2.0_rc4 (including)
Openvpn Openvpn 2.0_rc5 (including) 2.0_rc5 (including)
Openvpn Openvpn 2.0_rc6 (including) 2.0_rc6 (including)
Openvpn Openvpn 2.0_rc7 (including) 2.0_rc7 (including)
Openvpn Openvpn 2.0_rc8 (including) 2.0_rc8 (including)
Openvpn Openvpn 2.0_rc9 (including) 2.0_rc9 (including)
Openvpn Openvpn 2.0_rc10 (including) 2.0_rc10 (including)
Openvpn Openvpn 2.0_rc11 (including) 2.0_rc11 (including)
Openvpn Openvpn 2.0_rc12 (including) 2.0_rc12 (including)
Openvpn Openvpn 2.0_rc13 (including) 2.0_rc13 (including)
Openvpn Openvpn 2.0_rc14 (including) 2.0_rc14 (including)
Openvpn Openvpn 2.0_rc15 (including) 2.0_rc15 (including)
Openvpn Openvpn 2.0_rc16 (including) 2.0_rc16 (including)
Openvpn Openvpn 2.0_rc17 (including) 2.0_rc17 (including)
Openvpn Openvpn 2.0_rc18 (including) 2.0_rc18 (including)
Openvpn Openvpn 2.0_rc19 (including) 2.0_rc19 (including)
Openvpn Openvpn 2.0_rc20 (including) 2.0_rc20 (including)
Openvpn Openvpn 2.0_rc21 (including) 2.0_rc21 (including)
Openvpn Openvpn 2.0_test1 (including) 2.0_test1 (including)
Openvpn Openvpn 2.0_test2 (including) 2.0_test2 (including)
Openvpn Openvpn 2.0_test3 (including) 2.0_test3 (including)
Openvpn Openvpn 2.0_test5 (including) 2.0_test5 (including)
Openvpn Openvpn 2.0_test6 (including) 2.0_test6 (including)
Openvpn Openvpn 2.0_test7 (including) 2.0_test7 (including)
Openvpn Openvpn 2.0_test8 (including) 2.0_test8 (including)
Openvpn Openvpn 2.0_test9 (including) 2.0_test9 (including)
Openvpn Openvpn 2.0_test10 (including) 2.0_test10 (including)
Openvpn Openvpn 2.0_test11 (including) 2.0_test11 (including)
Openvpn Openvpn 2.0_test12 (including) 2.0_test12 (including)
Openvpn Openvpn 2.0_test14 (including) 2.0_test14 (including)
Openvpn Openvpn 2.0_test15 (including) 2.0_test15 (including)
Openvpn Openvpn 2.0_test16 (including) 2.0_test16 (including)
Openvpn Openvpn 2.0_test17 (including) 2.0_test17 (including)
Openvpn Openvpn 2.0_test18 (including) 2.0_test18 (including)
Openvpn Openvpn 2.0_test19 (including) 2.0_test19 (including)
Openvpn Openvpn 2.0_test20 (including) 2.0_test20 (including)
Openvpn Openvpn 2.0_test21 (including) 2.0_test21 (including)
Openvpn Openvpn 2.0_test22 (including) 2.0_test22 (including)
Openvpn Openvpn 2.0_test23 (including) 2.0_test23 (including)
Openvpn Openvpn 2.0_test24 (including) 2.0_test24 (including)
Openvpn Openvpn 2.0_test26 (including) 2.0_test26 (including)
Openvpn Openvpn 2.0_test27 (including) 2.0_test27 (including)
Openvpn Openvpn 2.0_test29 (including) 2.0_test29 (including)
Openvpn Ubuntu dapper *
Openvpn Ubuntu devel *
Openvpn Ubuntu edgy *
Openvpn Ubuntu feisty *

References