CVE-2017-7479
Published: 11 May 2017
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
From the Ubuntu Security Team
It was discovered that OpenVPN improperly triggered an assert when packet ids rolled over. An authenticated remote attacker could use this to cause a denial of service (application crash).
Notes
Author | Note |
---|---|
sbeattie | fix needs a87e1431baccd49a9344cfc63ab7446c4317fa2f (2.4) or 5d747770efa0611cc6cfeb6b3a5853bf51046d53 (2.3) as a prequisite |
Priority
Status
Package | Release | Status |
---|---|---|
openvpn Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(2.4.0-5ubuntu1)
|
bionic |
Not vulnerable
(2.4.0-5ubuntu1)
|
|
cosmic |
Not vulnerable
(2.4.0-5ubuntu1)
|
|
disco |
Not vulnerable
(2.4.0-5ubuntu1)
|
|
eoan |
Not vulnerable
(2.4.0-5ubuntu1)
|
|
focal |
Not vulnerable
(2.4.0-5ubuntu1)
|
|
groovy |
Not vulnerable
(2.4.0-5ubuntu1)
|
|
hirsute |
Not vulnerable
(2.4.0-5ubuntu1)
|
|
precise |
Ignored
(end of life)
|
|
trusty |
Released
(2.3.2-7ubuntu3.2)
|
|
upstream |
Released
(2.4.0-5)
|
|
xenial |
Released
(2.3.10-1ubuntu2.1)
|
|
yakkety |
Released
(2.3.11-1ubuntu2.1)
|
|
zesty |
Released
(2.4.0-4ubuntu1.2)
|
|
Patches: upstream: https://github.com/OpenVPN/openvpn/commit/b727643cdf4e078f132a90e1c474a879a5760578 upstream: https://github.com/OpenVPN/openvpn/commit/591a4e574c43cb9e820950f15dcaabda261def78 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |