This update for openvpn fixes the following issues :

  - CVE-2016-6329: Show which ciphers should no longer be     used in openvpn --show-ciphers (bsc#995374)

  - CVE-2017-7478: openvpn: Authenticated user can DoS     server by using a big payload in P_CONTROL (bsc#1038709)

  - CVE-2017-7479: openvpn: Denial of Service due to     Exhaustion of Packet-ID counter (bsc#1038711)

  - Hardening measures found by internal audit (bsc#1038713)

This update was imported from the SUSE:SLE-12:Update update project.

2.3.12: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23 https://sweet32.info/ https://community.openvpn.net/openvpn/wiki/SWEET32

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3339-1 advisory.

    Karthikeyan Bhargavan and Gatan Leurent discovered that 64-bit block ciphers are vulnerable to a     birthday attack. A remote attacker could possibly use this issue to recover cleartext data. Fixing this     issue requires a configuration change to switch to a different cipher. This update adds a warning to the     log file when a 64-bit block cipher is in use. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS     and Ubuntu 16.10. (CVE-2016-6329)

    It was discovered that OpenVPN incorrectly handled rollover of packet ids. An authenticated remote     attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. This issue only     affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-7479)

    Guido Vranken discovered that OpenVPN incorrectly handled certain malformed IPv6 packets. A remote     attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. (CVE-2017-7508)

    Guido Vranken discovered that OpenVPN incorrectly handled memory. A remote attacker could use this issue     to cause OpenVPN to crash, resulting in a denial of service. (CVE-2017-7512)

    Guido Vranken discovered that OpenVPN incorrectly handled an HTTP proxy with NTLM authentication. A remote     attacker could use this issue to cause OpenVPN clients to crash, resulting in a denial of service, or     possibly expose sensitive memory contents. (CVE-2017-7520)

    Guido Vranken discovered that OpenVPN incorrectly handled certain x509 extensions. A remote attacker could     use this issue to cause OpenVPN to crash, resulting in a denial of service. (CVE-2017-7521)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

This update for openvpn fixes the following security issues :

  - CVE-2017-12166: OpenVPN was vulnerable to a buffer     overflow vulnerability when key-method 1 is used,     possibly resulting in code execution. (bsc#1060877).

  - CVE-2016-6329: Now show which ciphers should no longer     be used in openvpn --show-ciphers to avoid the SWEET32     attack (bsc#995374)

  - CVE-2017-7478: OpenVPN was vulnerable to unauthenticated     Denial of Service of server via received large control     packet. (bsc#1038709)

  - CVE-2017-7479: OpenVPN was vulnerable to reachable     assertion when packet-ID counter rolls over resulting     into Denial of Service of server by authenticated     attacker. (bsc#1038711)

  - Some other hardening fixes have also been applied     (bsc#1038713)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201611-02 (OpenVPN: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in OpenVPN. Please review       the CVE identifiers referenced below for details.
  Impact :

    A remote attacker may be able to recover plaintext from encrypted       communications.
  Workaround :

    There is no known workaround at this time.

2.3.12: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23

https://sweet32.info/ https://community.openvpn.net/openvpn/wiki/SWEET32

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its self-reported version number, the version of OpenVPN installed on the remote Windows host is prior to 2.3.15. It is, therefore, affected by a weak cryptographic cipher vulnerability. OpenVPN's default cipher, BF-CBC, is vulnerable to plaintext recovery when enough cipher text has been observed. An unauthenticated, remote attacker can exploit this issue, to decrypt data being sent to OpenVPN.

The remote host supports the use of a block cipher with 64-bit blocks in one or more cipher suites. It is, therefore, affected by a vulnerability, known as SWEET32, due to the use of weak 64-bit block ciphers. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session.

Proof-of-concepts have shown that attackers can recover authentication cookies from an HTTPS session in as little as 30 hours.

Note that the ability to send a large number of requests over the same TLS connection between the client and server is an important requirement for carrying out this attack. If the number of requests allowed for a single connection were limited, this would mitigate the vulnerability. This plugin requires report paranoia as Nessus has not checked for such a mitigation.

Ciphers with 64-bit block sizes used in CBC mode were found to be vulnerable to a birthday attack when key renegotiation doesn't happen frequently or at all in long running connections. The blowfish cipher as used in OpenVPN by default is vulnerable to this attack, allowing a remote attacker to recover partial plaintext information (XOR of two plaintext blocks).

This update for openvpn fixes the following issues :

  - CVE-2016-6329: Show which ciphers should no longer be     used in openvpn

    --show-ciphers (bsc#995374)

  - CVE-2017-7478: openvpn: Authenticated user can DoS     server by using a big payload in P_CONTROL (bsc#1038709)

  - CVE-2017-7479: openvpn: Denial of Service due to     Exhaustion of Packet-ID counter (bsc#1038711)

  - Hardening measures found by internal audit (bsc#1038713)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Published	Updated	Severity
101128	openSUSE Security Update : openvpn (openSUSE-2017-717) (SWEET32)	Nessus	SuSE Local Security Checks	6/30/2017	12/5/2022	high
93141	Fedora 24 : openvpn (2016-7810e24465) (SWEET32)	Nessus	Fedora Local Security Checks	8/29/2016	12/5/2022	medium
101024	Ubuntu 14.04 LTS / 16.04 LTS : OpenVPN vulnerabilities (USN-3339-1)	Nessus	Ubuntu Local Security Checks	6/23/2017	8/27/2024	critical
104141	SUSE SLES11 Security Update : openvpn (SUSE-SU-2017:2838-1) (SWEET32)	Nessus	SuSE Local Security Checks	10/25/2017	10/4/2024	high
93265	Fedora 23 : openvpn (2016-dc2cb4ad6b) (SWEET32)	Nessus	Fedora Local Security Checks	9/2/2016	12/5/2022	medium
94461	GLSA-201611-02 : OpenVPN: Multiple vulnerabilities (SWEET32)	Nessus	Gentoo Local Security Checks	11/2/2016	12/5/2022	medium
94826	Fedora 25 : openvpn (2016-81d6e6a9ac) (SWEET32)	Nessus	Fedora Local Security Checks	11/15/2016	12/5/2022	medium
125226	OpenVPN < 2.3.15 Weak Cryptographic Cipher Vulnerability (Windows)	Nessus	Windows	5/16/2019	12/5/2022	medium
94437	SSL 64-bit Block Size Cipher Suites Supported (SWEET32)	Nessus	General	11/1/2016	12/5/2022	high
93745	Amazon Linux AMI : openvpn (ALAS-2016-750) (SWEET32)	Nessus	Amazon Linux Local Security Checks	9/28/2016	12/5/2022	medium
100951	SUSE SLED12 / SLES12 Security Update : openvpn (SUSE-SU-2017:1622-1) (SWEET32)	Nessus	SuSE Local Security Checks	6/21/2017	12/5/2022	high

Detections

Analytics

Plugins Search

high

medium

critical

high

medium

medium

medium

medium

high

medium

high