Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Open VPN2.X

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
detsi Open VPN2.X
Member 17th Apr, 2014 22:50
Ranking: 2
Posts: 52
User Since: 2nd Jan, 2011
System Score: 100%
Location: UK
Scan shows this needs an update. I didn't know it was installed or what it is. Can anyone help?
Same scan shows Adobe Reader X 10.X needs update but Adobe tells me that everything is up to date. Any advice?

Vista - Firefox

Maurice Joyce RE: Open VPN2.X
Handling Contributor 17th Apr, 2014 23:11
Score: 11630
Posts: 8,917
User Since: 4th Jan 2009
System Score: N/A
Location: UK
What paths does PSI give you to these two problems?

FINDING A FILE PATH USING PSI

VERSION 2


From the DASHBOARD page click on SCAN RESULTS.

1. This will list all your programmes with a + to the left of each programme.
2. Click the + sign next to the item that U want help with.
3. This will reveal the path under DETECTED INSTANCES.
4. Below DETECTED INSTANCES you will see this You can double click this row for additional information & options>double click it>a box will appear>look to the RIGHT & U will see TROUBLESHOOT REPORT in BLUE writing under the heading TOOLBOX> click TroubleShoot Report & it will reveal some information in a box>highlight the information revealed from ---START--- to ---END--- & copy it (CTRL+C) then post it to the Forum (CTRL+V)

VERSION 3
This version does not have such an easy method to publish the path.

Open PSI>once open select Show Programs.
You will now see a page full of programme icons or a list.
Right click on the programme in error>select Show Details - that will open a box showing the path & version number of the offending file.
You now have 3 options:
1. Write down the exact file path & install version - return to the Forum & type that information.
2. Take a screen shot & publish that.


Last Reviewed 22:11 17/04/2014




--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
detsi RE: Open VPN2.X
Member 18th Apr, 2014 00:00
Score: 2
Posts: 52
User Since: 2nd Jan 2011
System Score: 100%
Location: UK
Thanks for your reply. I have only recently installed Avast so that clears things up a bit. See info' required:
C;Program Files\Avast Software\Avast\OpenVPN\openvpn.exe Installed version 2.3.0.0.
C:Program Files\Adobe Reader10.0\Reader\AcroRd 32.exe Installed version 10.1.4.38
Was this reply relevant?
+0
-0
Maurice Joyce RE: Open VPN2.X
Handling Contributor 18th Apr, 2014 00:49
Score: 11630
Posts: 8,917
User Since: 4th Jan 2009
System Score: N/A
Location: UK
This appears to be the latest update for Adobe Reader 10 which is different to yours.

http://www.adobe.com/support/downloads/detail.jsp?...

I would check with Avast on the vpn issue - some vpn are subject to the Heartbeat vulnerability. It could be that you have not got the latest version installed or, because it appears embedded within Avast, it could be a false positive.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
rusty.07 RE: Open VPN2.X
Member 18th Apr, 2014 07:02
Score: 0
Posts: 6
User Since: 18th Apr 2014
System Score: N/A
Location: US
on 18th Apr, 2014 00:49, Maurice Joyce wrote:
I would check with Avast on the vpn issue - some vpn are subject to the Heartbeat vulnerability. It could be that you have not got the latest version installed or, because it appears embedded within Avast, it could be a false positive.



I did, and here is the thread...

http://forum.avast.com/index.php?topic=149117.msg1...

Quote from Avast thread...

***It is true that avast! uses OpenVPN engine to provide for the SecureLine service but we have fixed the mentioned vulnerability ourselves (by upgrading OpenSSL libraries to 1.0.1g). If you already have the latest avast! (2014.9.0.2018), you can disregard the warning.***

I am working on both sides of this issue, and it appears that Avast has complied on their end. How soon will it be before Secunia can detect these changes in Avast, and turn off the OpenVPN warning?
Was this reply relevant?
+0
-0
Maurice Joyce RE: Open VPN2.X
Handling Contributor 18th Apr, 2014 10:13
Score: 11630
Posts: 8,917
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 18th Apr, 2014 11:24
Is the vulnerability still showing after the update is installed & a full PSI scan has taken place?

If so you should write to Secunia Support asking them to update their database.

support@secunia.com

http://secunia.com/vulnerability_scanning/personal...

EDIT Originators problem resolved.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability