CVE-2017-7479
Published: 11 May 2017
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
From the Ubuntu Security Team
It was discovered that OpenVPN improperly triggered an assert when packet ids rolled over. An authenticated remote attacker could use this to cause a denial of service (application crash).
Notes
| Author | Note |
|---|---|
| sbeattie | fix needs a87e1431baccd49a9344cfc63ab7446c4317fa2f (2.4) or 5d747770efa0611cc6cfeb6b3a5853bf51046d53 (2.3) as a prequisite |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
openvpn Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(2.4.0-5ubuntu1)
|
| bionic |
Not vulnerable
(2.4.0-5ubuntu1)
|
|
| cosmic |
Not vulnerable
(2.4.0-5ubuntu1)
|
|
| disco |
Not vulnerable
(2.4.0-5ubuntu1)
|
|
| eoan |
Not vulnerable
(2.4.0-5ubuntu1)
|
|
| focal |
Not vulnerable
(2.4.0-5ubuntu1)
|
|
| groovy |
Not vulnerable
(2.4.0-5ubuntu1)
|
|
| hirsute |
Not vulnerable
(2.4.0-5ubuntu1)
|
|
| precise |
Ignored
(end of life)
|
|
| trusty |
Released
(2.3.2-7ubuntu3.2)
|
|
| upstream |
Released
(2.4.0-5)
|
|
| xenial |
Released
(2.3.10-1ubuntu2.1)
|
|
| yakkety |
Released
(2.3.11-1ubuntu2.1)
|
|
| zesty |
Released
(2.4.0-4ubuntu1.2)
|
|
|
Patches: upstream: https://github.com/OpenVPN/openvpn/commit/b727643cdf4e078f132a90e1c474a879a5760578 upstream: https://github.com/OpenVPN/openvpn/commit/591a4e574c43cb9e820950f15dcaabda261def78 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |