Vulnerability Name:

CVE-2005-3409 (CCN-22940)

Assigned:2005-10-31
Published:2005-10-31
Updated:2020-05-12
Summary:OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2005-3409

Source: CCN
Type: OpenVPN Change Log
2005.11.01 -- Version 2.0.4

Source: CONFIRM
Type: UNKNOWN
http://openvpn.net/changelog.html

Source: CCN
Type: OpenVPN Download
OpenVPN 2.0.5 -- released on 2005.11.02

Source: CCN
Type: SA17376
OpenVPN Format String and Denial of Service Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
17376

Source: SECUNIA
Type: UNKNOWN
17447

Source: SECUNIA
Type: UNKNOWN
17452

Source: SECUNIA
Type: UNKNOWN
17480

Source: DEBIAN
Type: UNKNOWN
DSA-885

Source: DEBIAN
Type: DSA-885
openvpn -- several vulnerabilities

Source: CCN
Type: GLSA-200511-07
OpenVPN: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200511-07

Source: SUSE
Type: UNKNOWN
SUSE-SR:2005:025

Source: CCN
Type: OpenPKG-SA-2005.023
OpenVPN

Source: OSVDB
Type: UNKNOWN
20416

Source: CCN
Type: OSVDB ID: 20416
OpenVPN TCP Mode accept() Function Failure NULL Dereference DoS

Source: OPENPKG
Type: UNKNOWN
OpenPKG-SA-2005.023

Source: BID
Type: UNKNOWN
15270

Source: CCN
Type: BID-15270
OpenVPN Server Remote Denial Of Service Vulnerability

Source: XF
Type: UNKNOWN
openvpn-tcp-mode-dos(22940)

Source: SUSE
Type: SUSE-SR:2005:025
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openvpn:openvpn:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0.1_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0.1_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0.1_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0.1_rc4:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0.1_rc5:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0.1_rc6:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0.1_rc7:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0.2_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0.3_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta1:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta2:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta3:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta4:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta5:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta6:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta7:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta8:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta9:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta10:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta11:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta12:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta13:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta15:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta16:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta17:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta18:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta19:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta20:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta28:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc4:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc5:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc6:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc7:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc8:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc9:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc10:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc11:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc12:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc13:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc14:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc15:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc16:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc17:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc18:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc19:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc20:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc21:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test1:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test2:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test3:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test5:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test6:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test7:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test8:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test9:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test10:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test11:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test12:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test14:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test15:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test16:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test17:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test18:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test19:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test20:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test21:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test22:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test23:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test24:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test26:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test27:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test29:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn_access_server:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn_access_server:2.0.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:113069
    P
    		openvpn-2.5.3-1.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:106507
    P
    		openvpn-2.5.3-1.2 on GA media (Moderate)
    2021-10-01
    oval:org.debian:def:885
    V
    		several vulnerabilities
    2005-11-07
    BACK
    openvpn openvpn 2.0
    openvpn openvpn 2.0.1_rc1
    openvpn openvpn 2.0.1_rc2
    openvpn openvpn 2.0.1_rc3
    openvpn openvpn 2.0.1_rc4
    openvpn openvpn 2.0.1_rc5
    openvpn openvpn 2.0.1_rc6
    openvpn openvpn 2.0.1_rc7
    openvpn openvpn 2.0.2_rc1
    openvpn openvpn 2.0.3_rc1
    openvpn openvpn 2.0_beta1
    openvpn openvpn 2.0_beta2
    openvpn openvpn 2.0_beta3
    openvpn openvpn 2.0_beta4
    openvpn openvpn 2.0_beta5
    openvpn openvpn 2.0_beta6
    openvpn openvpn 2.0_beta7
    openvpn openvpn 2.0_beta8
    openvpn openvpn 2.0_beta9
    openvpn openvpn 2.0_beta10
    openvpn openvpn 2.0_beta11
    openvpn openvpn 2.0_beta12
    openvpn openvpn 2.0_beta13
    openvpn openvpn 2.0_beta15
    openvpn openvpn 2.0_beta16
    openvpn openvpn 2.0_beta17
    openvpn openvpn 2.0_beta18
    openvpn openvpn 2.0_beta19
    openvpn openvpn 2.0_beta20
    openvpn openvpn 2.0_beta28
    openvpn openvpn 2.0_rc1
    openvpn openvpn 2.0_rc2
    openvpn openvpn 2.0_rc3
    openvpn openvpn 2.0_rc4
    openvpn openvpn 2.0_rc5
    openvpn openvpn 2.0_rc6
    openvpn openvpn 2.0_rc7
    openvpn openvpn 2.0_rc8
    openvpn openvpn 2.0_rc9
    openvpn openvpn 2.0_rc10
    openvpn openvpn 2.0_rc11
    openvpn openvpn 2.0_rc12
    openvpn openvpn 2.0_rc13
    openvpn openvpn 2.0_rc14
    openvpn openvpn 2.0_rc15
    openvpn openvpn 2.0_rc16
    openvpn openvpn 2.0_rc17
    openvpn openvpn 2.0_rc18
    openvpn openvpn 2.0_rc19
    openvpn openvpn 2.0_rc20
    openvpn openvpn 2.0_rc21
    openvpn openvpn 2.0_test1
    openvpn openvpn 2.0_test2
    openvpn openvpn 2.0_test3
    openvpn openvpn 2.0_test5
    openvpn openvpn 2.0_test6
    openvpn openvpn 2.0_test7
    openvpn openvpn 2.0_test8
    openvpn openvpn 2.0_test9
    openvpn openvpn 2.0_test10
    openvpn openvpn 2.0_test11
    openvpn openvpn 2.0_test12
    openvpn openvpn 2.0_test14
    openvpn openvpn 2.0_test15
    openvpn openvpn 2.0_test16
    openvpn openvpn 2.0_test17
    openvpn openvpn 2.0_test18
    openvpn openvpn 2.0_test19
    openvpn openvpn 2.0_test20
    openvpn openvpn 2.0_test21
    openvpn openvpn 2.0_test22
    openvpn openvpn 2.0_test23
    openvpn openvpn 2.0_test24
    openvpn openvpn 2.0_test26
    openvpn openvpn 2.0_test27
    openvpn openvpn 2.0_test29
    openvpn openvpn access server 2.0.1
    openvpn openvpn access server 2.0.2