Uploaded image for project: 'Funtoo Linux'
  1. Funtoo Linux
  2. FL-9644

net-vpn/openvpn multiple vulnerabilities

XMLWordPrintable

    • Icon: Security Vulnerability Security Vulnerability
    • Resolution: Fixed
    • Icon: Normal Normal
    • None
    • None 

      {
  "id": "CVE-2022-0547",
  "is_known_exploited_vuln": false,
  "description": "OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.",
  "urls": [
    "https://nvd.nist.gov/vuln/detail/CVE-2022-0547",
    "https://openvpn.net/community-downloads/",
    "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements",
    "https://community.openvpn.net/openvpn/wiki/CVE-2022-0547",
    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R36OYC5SJ6FLPVAYJYYT4MOJ2I7MGYFF/",
    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GFXJ35WKPME4HYNQCQNAJHLCZOJL2SAE/"
  ]
}

      {
  "id": "CVE-2020-15078",
  "is_known_exploited_vuln": false,
  "description": "OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.",
  "urls": [
    "https://nvd.nist.gov/vuln/detail/CVE-2020-15078",
    "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements",
    "https://community.openvpn.net/openvpn/wiki/CVE-2020-15078",
    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JGEGLC4YGBDN5CGHTNWN2GH6DJJA36T2/",
    "https://security.gentoo.org/glsa/202105-25",
    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GJUXEYHUPREEBPX23VPEKMFXUPVO3PMU/",
    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLDB3OBQ3AODYYRN7NRCABV6I4AUFAT6/",
    "https://usn.ubuntu.com/usn/usn-4933-1"
  ]
}

      {
  "id": "CVE-2021-3606",
  "is_known_exploited_vuln": false,
  "description": "OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe).",
  "urls": [
    "https://nvd.nist.gov/vuln/detail/CVE-2021-3606",
    "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements",
    "https://community.openvpn.net/openvpn/wiki/CVE-2021-3606"
  ]
}

            Unassigned Unassigned
            tczaude tczaude
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: