CVE-2013-2061

Related Files

Ubuntu Security Notice USN-2368-1

Posted Oct 2, 2014

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2368-1 - It was discovered that OpenVPN incorrectly handled HMAC comparisons when running in UDP mode. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could possibly be used to perform a plaintext recovery attack.

tags | advisory, remote, udp

systems | linux, ubuntu

advisories | CVE-2013-2061

SHA-256 | d23623be892ad4e3082d9de02d10de4f885746f733ac9a7916528d54aa86b3b6

Download | Favorite | View

Gentoo Linux Security Advisory 201311-13

Posted Nov 20, 2013

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-13 - Multiple vulnerabilities have been found in OpenVPN, allowing remote attackers to read encrypted traffic. Versions less than 2.3.1 are affected.

tags | advisory, remote, vulnerability

systems | linux, gentoo

advisories | CVE-2009-3555, CVE-2013-2061

SHA-256 | d2f81af3f93b9da61e7132428ea1952938c2cc2f98696e6c78aa0f34389ff15f

Download | Favorite | View

Mandriva Linux Security Advisory 2013-167

Posted May 28, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-167 - OpenVPN 2.3.0 and earlier running in UDP mode are subject to chosen ciphertext injection due to a non-constant-time HMAC comparison function. Plaintext recovery may be possible using a padding oracle attack on the CBC mode cipher implementation of the crypto library, optimistically at a rate of about one character per 3 hours. PolarSSL seems vulnerable to such an attack; the vulnerability of OpenSSL has not been verified or tested.

tags | advisory, udp, cryptography

systems | linux, mandriva

advisories | CVE-2013-2061

SHA-256 | a75cb3960da77a15622808e7278771f10cebd019788136fc247c9d95fda3ffab

Download | Favorite | View