Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2013-2061
Description:The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.
Test IDs: 1.3.6.1.4.1.25623.1.0.865625   1.3.6.1.4.1.25623.1.0.865623   1.3.6.1.4.1.25623.1.0.841992   1.3.6.1.4.1.25623.1.0.120028   1.3.6.1.4.1.25623.1.1.4.2013.1783.1  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2013-2061
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105609.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105568.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:167
http://www.openwall.com/lists/oss-security/2013/05/06/6
SuSE Security Announcement: openSUSE-SU-2013:1645 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-11/msg00012.html
SuSE Security Announcement: openSUSE-SU-2013:1649 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-11/msg00016.html




© 1998-2024 E-Soft Inc. All rights reserved.