CVE-2017-7479
Debian Security Advisory 3900-1
Public Exploits: 0
Exploited in Wild: -
Descriptions
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to a reachable assertion when the packet-ID counter rolls over, resulting in a denial of service of the server by an authenticated attacker.
Karthikeyan Bhargavan and Gaetan Leurent discovered that 64-bit block ciphers are vulnerable to a birthday attack. A remote attacker could possibly use this issue to recover cleartext data. Fixing this issue requires a configuration change to switch to a different cipher. This update adds a warning to the log file when a 64-bit block cipher is in use. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that OpenVPN incorrectly handled rollover of packet ids. An authenticated remote attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.
SSVC
- Decision:-
Timeline
- 2017-04-05 CVE Reserved
- 2017-05-11 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-617: Reachable Assertion
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/98443 | Vdb Entry | |
http://www.securitytracker.com/id/1038473 | Vdb Entry | |
URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2017/dsa-3900 | 2019-10-03 | |
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits | 2019-10-03 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Openvpn | Openvpn | <= 2.3.14 | - | Affected |
Openvpn | Openvpn | 2.4.0 | - | Affected |
Openvpn | Openvpn | 2.4.0 | alpha2 | Affected |
Openvpn | Openvpn | 2.4.0 | beta1 | Affected |
Openvpn | Openvpn | 2.4.0 | beta2 | Affected |
Openvpn | Openvpn | 2.4.0 | rc1 | Affected |
Openvpn | Openvpn | 2.4.0 | rc2 | Affected |
Openvpn | Openvpn | 2.4.1 | - | Affected |