717978 – (CVE-2020-11810) <net-vpn/openvpn-2.4.9: Denial of service vulnerability (CVE-2020-11810)

Bug 717978 (CVE-2020-11810) - <net-vpn/openvpn-2.4.9: Denial of service vulnerability (CVE-2020-11810)

Summary: <net-vpn/openvpn-2.4.9: Denial of service vulnerability (CVE-2020-11810)

Status:	RESOLVED FIXED

Alias:	CVE-2020-11810

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2020-04-18 05:00 UTC by Sam James
Modified:	2020-05-04 02:17 UTC (History)
CC List:	2 users (show)

See Also:	719716 704070
Package list:	=net-vpn/openvpn-2.4.9 arm arm64 ppc ppc64 x86
Runtime testing required:	---

Flags:	nattka: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2020-04-18 05:00:24 UTC

Description:
"The net effect of [...] behaviour is that the VPN session for the
"victim client" is broken.  Since the "attacker client" does not have
suitable keys, it can not inject or steal VPN traffic from the other
session.  The time window is small and it can not be used to attack
a specific client's session, unless some other way is found to make it
disconnect and reconnect first."

Patch: https://github.com/OpenVPN/openvpn/commit/37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab

Bug: https://community.openvpn.net/openvpn/ticket/1272

Comment 1 Sam James archtester

2020-04-18 05:00:56 UTC

@maintainer(s), please create an appropriate ebuild (2.4.9 has been released to address this issue).

Comment 2 Larry the Git Cow gentoo-dev

2020-04-22 23:53:45 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5a7e94d940f6be5b3e03d83d276e31ca1fc2878e

commit 5a7e94d940f6be5b3e03d83d276e31ca1fc2878e
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2020-04-22 23:50:41 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2020-04-22 23:53:32 +0000

    net-vpn/openvpn: stable 2.4.9 on amd64
    
    Bug: https://bugs.gentoo.org/717978
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 net-vpn/openvpn/openvpn-2.4.9.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 3 Agostino Sarubbo gentoo-dev

2020-04-23 10:09:56 UTC

arm stable

Comment 4 Agostino Sarubbo gentoo-dev

2020-04-23 10:39:37 UTC

ppc stable

Comment 5 Agostino Sarubbo gentoo-dev

2020-04-23 10:40:43 UTC

ppc64 stable

Comment 6 Agostino Sarubbo gentoo-dev

2020-04-23 10:42:24 UTC

x86 stable

Comment 7 Sam James archtester

2020-04-28 19:25:12 UTC

arm64 stable

Comment 8 Sam James archtester

2020-04-28 19:41:02 UTC

@maintainer(s), please cleanup <net-misc/openvpn-2.4.9.

Comment 9 Larry the Git Cow gentoo-dev

2020-05-04 02:17:35 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b91fcf19d5da0efd91a6bfa1f9240f9042eb9df1

commit b91fcf19d5da0efd91a6bfa1f9240f9042eb9df1
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2020-05-04 02:17:05 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2020-05-04 02:17:27 +0000

    net-vpn/openvpn: drop vulnerable
    
    Bug: https://bugs.gentoo.org/717978
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 net-vpn/openvpn/Manifest                |   4 -
 net-vpn/openvpn/openvpn-2.4.6-r1.ebuild | 156 -------------------------------
 net-vpn/openvpn/openvpn-2.4.6.ebuild    | 156 -------------------------------
 net-vpn/openvpn/openvpn-2.4.7-r1.ebuild | 157 --------------------------------
 net-vpn/openvpn/openvpn-2.4.8.ebuild    | 145 -----------------------------
 5 files changed, 618 deletions(-)