|
|
CVE Reference: CVE-2005-2531 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2005-2531 |
|
|
Description: OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts. |
|
|
CVE Status: Candidate |
|
|
References: SUSE http://www.novell.com/linux/security/advisories/2005_20_sr.html SAID Secunia Advisory: SA16463 Secunia Advisory: SA17103 MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2005:145 DEBIAN http://www.debian.org/security/2005/dsa-851 CONFIRM http://openvpn.net/changelog.html BID 14605 |
|
| Return to the previous page. |
