Debian Bug report logs - #336751
openvpn: Format string vulnerability in config parsing code

version graph

Package: openvpn; Maintainer for openvpn is Alberto Gonzalez Iniesta <agi@inittab.org>; Source for openvpn is src:openvpn.

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Tue, 1 Nov 2005 09:18:02 UTC

Severity: grave

Tags: security

Found in version openvpn/2.0.2-2

Fixed in version openvpn/2.0.5-1

Done: Alberto Gonzalez Iniesta <agi@inittab.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Alberto Gonzalez Iniesta <agi@inittab.org>:
Bug#336751; Package openvpn. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Alberto Gonzalez Iniesta <agi@inittab.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: openvpn: Format string vulnerability in config parsing code
Date: Tue, 01 Nov 2005 10:09:23 +0100
Package: openvpn
Severity: grave
Tags: security
Justification: user security hole

A format string vulnerability has been found in openvpn's option parsing
code, which indirectly may be exploited remotely as well. Please see
http://cert.uni-stuttgart.de/archive/bugtraq/2005/10/msg00393.html 
for more information.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)



Information forwarded to debian-bugs-dist@lists.debian.org, Alberto Gonzalez Iniesta <agi@inittab.org>:
Bug#336751; Package openvpn. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Alberto Gonzalez Iniesta <agi@inittab.org>. Full text and rfc822 format available.

Message #10 received at 336751@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: 336751@bugs.debian.org
Subject: CVE assignment
Date: Tue, 1 Nov 2005 10:31:39 +0100
Hi,
this has been assigned CVE-2005-3393, please mention so in the changelog
when fixing this.

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Alberto Gonzalez Iniesta <agi@inittab.org>:
Bug#336751; Package openvpn. Full text and rfc822 format available.

Acknowledgement sent to Ralf Hildebrandt <ralf.hildebrandt@charite.de>:
Extra info received and forwarded to list. Copy sent to Alberto Gonzalez Iniesta <agi@inittab.org>. Full text and rfc822 format available.

Message #15 received at 336751@bugs.debian.org (full text, mbox):

From: Ralf Hildebrandt <ralf.hildebrandt@charite.de>
To: Debian Bug Tracking System <336751@bugs.debian.org>
Subject: openvpn: OpenVPN 2.0.4 Released -- Note security fixes
Date: Wed, 02 Nov 2005 09:53:50 +0100
Package: openvpn
Version: 2.0.2-2
Followup-For: Bug #336751


OpenVPN 2.0.4 Released -- Note security fixes

This release contains fixes for two security issues that just came to my
attention over the past 24 hours, which affect OpenVPN 2.0, 2.0.1, 2.0.2,
and the 2.1 beta series.  OpenVPN 1.x is not affected.

So, 2.0.4 is released...

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0]         1.4.58     Debian configuration management sy
ii  libc6                         2.3.5-7    GNU C Library: Shared libraries an
ii  liblzo1                       1.08-2     data compression library
ii  libssl0.9.7                   0.9.7g-5   SSL shared libraries

openvpn recommends no packages.

-- debconf information excluded



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#336751; Package openvpn. Full text and rfc822 format available.

Acknowledgement sent to Alberto Gonzalez Iniesta <agi@inittab.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #20 received at 336751@bugs.debian.org (full text, mbox):

From: Alberto Gonzalez Iniesta <agi@inittab.org>
To: 336751@bugs.debian.org
Subject: Re: Bug#336751: openvpn: OpenVPN 2.0.4 Released -- Note security fixes
Date: Wed, 2 Nov 2005 16:54:17 +0100
Packages for Sarge, until they get released by the security team may by
found at:

http://etc.inittab.org/~agi/

Packages for sid/testing will be uploaded RSN.

-- 
Alberto Gonzalez Iniesta    | Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred    | http://inittab.com

Key fingerprint = 9782 04E7 2B75 405C F5E9  0C81 C514 AF8E 4BA4 01C3



Information forwarded to debian-bugs-dist@lists.debian.org, Alberto Gonzalez Iniesta <agi@inittab.org>:
Bug#336751; Package openvpn. Full text and rfc822 format available.

Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to Alberto Gonzalez Iniesta <agi@inittab.org>. Full text and rfc822 format available.

Message #25 received at 336751@bugs.debian.org (full text, mbox):

From: Martin Schulze <joey@infodrom.org>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: Debian Bug Tracking System <336751@bugs.debian.org>
Subject: Re: Bug#336751: openvpn: Format string vulnerability in config parsing code
Date: Thu, 3 Nov 2005 09:21:40 +0100
Moritz Muehlenhoff wrote:
> Package: openvpn
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> A format string vulnerability has been found in openvpn's option parsing
> code, which indirectly may be exploited remotely as well. Please see
> http://cert.uni-stuttgart.de/archive/bugtraq/2005/10/msg00393.html 
> for more information.

This is CVE-2005-3393.

Regards,

	Joey

-- 
Ten years and still binary compatible.  -- XFree86

Please always Cc to me when replying to me on the lists.



Reply sent to Alberto Gonzalez Iniesta <agi@inittab.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #30 received at 336751-close@bugs.debian.org (full text, mbox):

From: Alberto Gonzalez Iniesta <agi@inittab.org>
To: 336751-close@bugs.debian.org
Subject: Bug#336751: fixed in openvpn 2.0.5-1
Date: Mon, 07 Nov 2005 02:02:09 -0800
Source: openvpn
Source-Version: 2.0.5-1

We believe that the bug you reported is fixed in the latest version of
openvpn, which is due to be installed in the Debian FTP archive:

openvpn_2.0.5-1.diff.gz
  to pool/main/o/openvpn/openvpn_2.0.5-1.diff.gz
openvpn_2.0.5-1.dsc
  to pool/main/o/openvpn/openvpn_2.0.5-1.dsc
openvpn_2.0.5-1_i386.deb
  to pool/main/o/openvpn/openvpn_2.0.5-1_i386.deb
openvpn_2.0.5.orig.tar.gz
  to pool/main/o/openvpn/openvpn_2.0.5.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 336751@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alberto Gonzalez Iniesta <agi@inittab.org> (supplier of updated openvpn package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon,  7 Nov 2005 10:13:55 +0100
Source: openvpn
Binary: openvpn
Architecture: source i386
Version: 2.0.5-1
Distribution: unstable
Urgency: high
Maintainer: Alberto Gonzalez Iniesta <agi@inittab.org>
Changed-By: Alberto Gonzalez Iniesta <agi@inittab.org>
Description: 
 openvpn    - Virtual Private Network daemon
Closes: 336751 337334
Changes: 
 openvpn (2.0.5-1) unstable; urgency=high
 .
   * New upstream release. Urgency high due to security issues.
       - DoS vulnerability on the server in TCP mode.
         (CVE-2005-3409) (Closes: #337334)
       - Format string vulnerability in the foreign_option
         function in options.c could potentially allow a malicious
         or compromised server to execute arbitrary code on the
         client.  (CVE-2005-3393) (Closes: #336751)
Files: 
 04f23b07dcce1188a10c0232746f7ec4 623 net optional openvpn_2.0.5-1.dsc
 4bd7a42991c93db23842a0992debe53b 662647 net optional openvpn_2.0.5.orig.tar.gz
 3e0467bc6ce587a7a69000b97e418fb9 58027 net optional openvpn_2.0.5-1.diff.gz
 2503099ce556ad0be7eb17cfdd580c35 320368 net optional openvpn_2.0.5-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDbyFCxRSvjkukAcMRAp+4AKC2Y1ozf7jzCiUrTHB+myyssklN+ACgqdw9
+e7R2/9Ib7HDIW8MCQQgIto=
=lLRy
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 19:55:35 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 01:13:11 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.