MEDIUM5.8
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить целостность и доступность защищаемой информации
CVSS 2.0СРЕДНЯЯ 5.8
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:P
Серьёзность:
Закрытые проблемы (4)
MEDIUM6.8
Уязвимость операционной системы Gentoo Linux, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:CLOW2.6
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.
CVSS 2.0НИЗКАЯ 2.6
CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:NСсылки
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105568.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105609.html
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00012.html
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00016.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:167
- http://www.openwall.com/lists/oss-security/2013/05/06/6
- https://bugs.gentoo.org/show_bug.cgi?id=468756
- https://bugzilla.redhat.com/show_bug.cgi?id=960192
- https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc
- https://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105568.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105609.html
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00012.html
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00016.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:167
- http://www.openwall.com/lists/oss-security/2013/05/06/6
- https://bugs.gentoo.org/show_bug.cgi?id=468756
- https://bugzilla.redhat.com/show_bug.cgi?id=960192
- https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc
- https://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee
MEDIUM6.8
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:CСсылки
- http://advisories.mageia.org/MGASA-2014-0512.html
- http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00008.html
- http://www.debian.org/security/2014/dsa-3084
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:139
- http://www.ubuntu.com/usn/USN-2430-1
- https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
- http://advisories.mageia.org/MGASA-2014-0512.html
- http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00008.html
- http://www.debian.org/security/2014/dsa-3084
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:139
- http://www.ubuntu.com/usn/USN-2430-1
- https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b