oss-sec mailing list archives
RE: CVE-2014-8104 - Critical OpenVPN DoS Vulnerability
From: Nicolas Gaudin <nicolas.gaudin () polyconseil fr>
Date: Wed, 3 Dec 2014 11:11:24 +0100
Hi, Is this vulnerability really 'critical' if we consider that a malicious user needs to be authenticated to crash the gateway? I understand that the vulnerability is exploitable if a client is compromised (certificate stolen). In such a case (client compromised), the risk is greater as confidentiality is breached. Nicolas -----Message d'origine----- De : David White [mailto:dmwhite823 () gmail com] Envoyé : mercredi 3 décembre 2014 10:24 À : oss-security () lists openwall com Objet : [oss-security] CVE-2014-8104 - Critical OpenVPN DoS Vulnerability I saw an email come through the pfSense list yesterday, but haven't seen anything about it discussed here. So I'm bringing it to this list's attention. https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b [ As a side note, I mistakenly thought the OP on the pfSense list mistakenly posted his link to a forum post on OpenVPN that was written in 2010, when in fact, that user had joined in 2010 but posted to the pfSense forum recently - https://forums.openvpn.net/topic17625.html ] -- David
Current thread:
- CVE-2014-8104 - Critical OpenVPN DoS Vulnerability David White (Dec 03)
- RE: CVE-2014-8104 - Critical OpenVPN DoS Vulnerability Nicolas Gaudin (Dec 03)
- Re: CVE-2014-8104 - Critical OpenVPN DoS Vulnerability Max Mühlbronner (Dec 03)
- Re: CVE-2014-8104 - Critical OpenVPN DoS Vulnerability Matt U (Dec 03)
- RE: CVE-2014-8104 - Critical OpenVPN DoS Vulnerability Nicolas Gaudin (Dec 03)