CVE-2014-8104
First published: Wed Dec 03 2014(Updated: )
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mageia | =4.0 | |
| Debian GNU/Linux | =7.0 | |
| Debian GNU/Linux | =8.0 | |
| openSUSE | =12.3 | |
| openSUSE | =13.1 | |
| openSUSE | =13.2 | |
| OpenVPN | =2.0.1_rc1 | |
| OpenVPN | =2.0.1_rc2 | |
| OpenVPN | =2.0.1_rc3 | |
| OpenVPN | =2.0.1_rc4 | |
| OpenVPN | =2.0.1_rc5 | |
| OpenVPN | =2.0.1_rc6 | |
| OpenVPN | =2.0.1_rc7 | |
| OpenVPN | =2.0.2_rc1 | |
| OpenVPN | =2.0.3_rc1 | |
| OpenVPN | =2.0.4 | |
| OpenVPN | =2.0.6_rc1 | |
| OpenVPN | =2.0.9 | |
| OpenVPN | =2.0_rc1 | |
| OpenVPN | =2.0_rc2 | |
| OpenVPN | =2.0_rc3 | |
| OpenVPN | =2.0_rc4 | |
| OpenVPN | =2.0_rc5 | |
| OpenVPN | =2.0_rc6 | |
| OpenVPN | =2.0_rc7 | |
| OpenVPN | =2.0_rc8 | |
| OpenVPN | =2.0_rc9 | |
| OpenVPN | =2.0_rc10 | |
| OpenVPN | =2.0_rc11 | |
| OpenVPN | =2.0_rc12 | |
| OpenVPN | =2.0_rc13 | |
| OpenVPN | =2.0_rc14 | |
| OpenVPN | =2.0_rc15 | |
| OpenVPN | =2.0_rc16 | |
| OpenVPN | =2.0_rc17 | |
| OpenVPN | =2.0_rc18 | |
| OpenVPN | =2.0_rc19 | |
| OpenVPN | =2.0_rc20 | |
| OpenVPN | =2.0_rc21 | |
| OpenVPN | =2.0_test1 | |
| OpenVPN | =2.0_test2 | |
| OpenVPN | =2.0_test3 | |
| OpenVPN | =2.0_test4 | |
| OpenVPN | =2.0_test5 | |
| OpenVPN | =2.0_test6 | |
| OpenVPN | =2.0_test7 | |
| OpenVPN | =2.0_test8 | |
| OpenVPN | =2.0_test9 | |
| OpenVPN | =2.0_test10 | |
| OpenVPN | =2.0_test11 | |
| OpenVPN | =2.0_test12 | |
| OpenVPN | =2.0_test14 | |
| OpenVPN | =2.0_test15 | |
| OpenVPN | =2.0_test16 | |
| OpenVPN | =2.0_test17 | |
| OpenVPN | =2.0_test18 | |
| OpenVPN | =2.0_test19 | |
| OpenVPN | =2.0_test20 | |
| OpenVPN | =2.0_test21 | |
| OpenVPN | =2.0_test22 | |
| OpenVPN | =2.0_test23 | |
| OpenVPN | =2.0_test24 | |
| OpenVPN | =2.0_test25 | |
| OpenVPN | =2.0_test26 | |
| OpenVPN | =2.0_test27 | |
| OpenVPN | =2.0_test28 | |
| OpenVPN | =2.0_test29 | |
| OpenVPN | =2.1-beta-1 | |
| OpenVPN | =2.1-beta-10 | |
| OpenVPN | =2.1-beta-11 | |
| OpenVPN | =2.1-beta-12 | |
| OpenVPN | =2.1-beta-13 | |
| OpenVPN | =2.1-beta-14 | |
| OpenVPN | =2.1-beta-15 | |
| OpenVPN | =2.1-beta-16 | |
| OpenVPN | =2.1-beta-2 | |
| OpenVPN | =2.1-beta-3 | |
| OpenVPN | =2.1-beta-4 | |
| OpenVPN | =2.1-beta-5 | |
| OpenVPN | =2.1-beta-6 | |
| OpenVPN | =2.1-beta-7 | |
| OpenVPN | =2.1-beta-8 | |
| OpenVPN | =2.1-beta-9 | |
| OpenVPN | =2.1-rc_1 | |
| OpenVPN | =2.1-rc_10 | |
| OpenVPN | =2.1-rc_11 | |
| OpenVPN | =2.1-rc_12 | |
| OpenVPN | =2.1-rc_13 | |
| OpenVPN | =2.1-rc_14 | |
| OpenVPN | =2.1-rc_15 | |
| OpenVPN | =2.1-rc_16 | |
| OpenVPN | =2.1-rc_17 | |
| OpenVPN | =2.1-rc_18 | |
| OpenVPN | =2.1-rc_19 | |
| OpenVPN | =2.1-rc_2 | |
| OpenVPN | =2.1-rc_20 | |
| OpenVPN | =2.1-rc_21 | |
| OpenVPN | =2.1-rc_22 | |
| OpenVPN | =2.1-rc_3 | |
| OpenVPN | =2.1-rc_4 | |
| OpenVPN | =2.1-rc_5 | |
| OpenVPN | =2.1-rc_6 | |
| OpenVPN | =2.1-rc_7 | |
| OpenVPN | =2.1-rc_8 | |
| OpenVPN | =2.1-rc_9 | |
| OpenVPN | =2.1.0 | |
| OpenVPN | =2.1.1 | |
| OpenVPN | =2.1.2 | |
| OpenVPN | =2.1.3 | |
| OpenVPN | =2.1.4 | |
| OpenVPN | =2.2-beta1 | |
| OpenVPN | =2.2-beta2 | |
| OpenVPN | =2.2-beta3 | |
| OpenVPN | =2.2-beta4 | |
| OpenVPN | =2.2-beta5 | |
| OpenVPN | =2.2.0 | |
| OpenVPN | =2.2.1 | |
| OpenVPN | =2.2.2 | |
| OpenVPN | =2.3-alpha1 | |
| OpenVPN | =2.3-alpha2 | |
| OpenVPN | =2.3-alpha3 | |
| OpenVPN | =2.3-beta1 | |
| OpenVPN | =2.3-rc1 | |
| OpenVPN | =2.3-rc2 | |
| OpenVPN | =2.3.0 | |
| OpenVPN | =2.3.1 | |
| OpenVPN | =2.3.2 | |
| OpenVPN | =2.3.3 | |
| OpenVPN | =2.3.4 | |
| OpenVPN | =2.3.5 | |
| OpenVPN | =2.0.0 | |
| OpenVPN | =2.0.1 | |
| OpenVPN | =2.0.2 | |
| OpenVPN | =2.0.3 | |
| OpenVPN | =2.0.5 | |
| OpenVPN | =2.0.6 | |
| OpenVPN | =2.0.7 | |
| OpenVPN | =2.0.8 | |
| OpenVPN | =2.0.10 | |
| Ubuntu Linux | =12.04 | |
| Ubuntu Linux | =14.04 | |
| Ubuntu Linux | =14.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://advisories.mageia.org/MGASA-2014-0512.html
- http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00008.html
- http://www.debian.org/security/2014/dsa-3084
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:139
- http://www.ubuntu.com/usn/USN-2430-1
- https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
Frequently Asked Questions
What is the severity of CVE-2014-8104?
CVE-2014-8104 has been rated as a medium severity vulnerability due to its potential to cause denial of service by crashing OpenVPN servers.
How do I fix CVE-2014-8104?
To mitigate CVE-2014-8104, upgrade OpenVPN to version 2.0.11 or later, 2.2.3 or later, or 2.3.6 or later.
What does CVE-2014-8104 exploit?
CVE-2014-8104 exploits a vulnerability in OpenVPN’s handling of small control channel packets to crash the server.
Which versions of OpenVPN are affected by CVE-2014-8104?
CVE-2014-8104 affects OpenVPN versions prior to 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6.
Can CVE-2014-8104 be exploited remotely?
Yes, CVE-2014-8104 can be exploited by remote authenticated users, allowing them to crash the OpenVPN server.
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mageia
- canonical/mageia
- version/mageia/4.0
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/7.0
- version/debian gnu/linux/8.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/12.3
- version/opensuse/13.1
- version/opensuse/13.2
- vendor/openvpn
- canonical/openvpn
- version/openvpn/2.0.1_rc1
- version/openvpn/2.0.1_rc2
- version/openvpn/2.0.1_rc3
- version/openvpn/2.0.1_rc4
- version/openvpn/2.0.1_rc5
- version/openvpn/2.0.1_rc6
- version/openvpn/2.0.1_rc7
- version/openvpn/2.0.2_rc1
- version/openvpn/2.0.3_rc1
- version/openvpn/2.0.4
- version/openvpn/2.0.6_rc1
- version/openvpn/2.0.9
- version/openvpn/2.0_rc1
- version/openvpn/2.0_rc2
- version/openvpn/2.0_rc3
- version/openvpn/2.0_rc4
- version/openvpn/2.0_rc5
- version/openvpn/2.0_rc6
- version/openvpn/2.0_rc7
- version/openvpn/2.0_rc8
- version/openvpn/2.0_rc9
- version/openvpn/2.0_rc10
- version/openvpn/2.0_rc11
- version/openvpn/2.0_rc12
- version/openvpn/2.0_rc13
- version/openvpn/2.0_rc14
- version/openvpn/2.0_rc15
- version/openvpn/2.0_rc16
- version/openvpn/2.0_rc17
- version/openvpn/2.0_rc18
- version/openvpn/2.0_rc19
- version/openvpn/2.0_rc20
- version/openvpn/2.0_rc21
- version/openvpn/2.0_test1
- version/openvpn/2.0_test2
- version/openvpn/2.0_test3
- version/openvpn/2.0_test4
- version/openvpn/2.0_test5
- version/openvpn/2.0_test6
- version/openvpn/2.0_test7
- version/openvpn/2.0_test8
- version/openvpn/2.0_test9
- version/openvpn/2.0_test10
- version/openvpn/2.0_test11
- version/openvpn/2.0_test12
- version/openvpn/2.0_test14
- version/openvpn/2.0_test15
- version/openvpn/2.0_test16
- version/openvpn/2.0_test17
- version/openvpn/2.0_test18
- version/openvpn/2.0_test19
- version/openvpn/2.0_test20
- version/openvpn/2.0_test21
- version/openvpn/2.0_test22
- version/openvpn/2.0_test23
- version/openvpn/2.0_test24
- version/openvpn/2.0_test25
- version/openvpn/2.0_test26
- version/openvpn/2.0_test27
- version/openvpn/2.0_test28
- version/openvpn/2.0_test29
- version/openvpn/2.1-beta-1
- version/openvpn/2.1-beta-10
- version/openvpn/2.1-beta-11
- version/openvpn/2.1-beta-12
- version/openvpn/2.1-beta-13
- version/openvpn/2.1-beta-14
- version/openvpn/2.1-beta-15
- version/openvpn/2.1-beta-16
- version/openvpn/2.1-beta-2
- version/openvpn/2.1-beta-3
- version/openvpn/2.1-beta-4
- version/openvpn/2.1-beta-5
- version/openvpn/2.1-beta-6
- version/openvpn/2.1-beta-7
- version/openvpn/2.1-beta-8
- version/openvpn/2.1-beta-9
- version/openvpn/2.1-rc_1
- version/openvpn/2.1-rc_10
- version/openvpn/2.1-rc_11
- version/openvpn/2.1-rc_12
- version/openvpn/2.1-rc_13
- version/openvpn/2.1-rc_14
- version/openvpn/2.1-rc_15
- version/openvpn/2.1-rc_16
- version/openvpn/2.1-rc_17
- version/openvpn/2.1-rc_18
- version/openvpn/2.1-rc_19
- version/openvpn/2.1-rc_2
- version/openvpn/2.1-rc_20
- version/openvpn/2.1-rc_21
- version/openvpn/2.1-rc_22
- version/openvpn/2.1-rc_3
- version/openvpn/2.1-rc_4
- version/openvpn/2.1-rc_5
- version/openvpn/2.1-rc_6
- version/openvpn/2.1-rc_7
- version/openvpn/2.1-rc_8
- version/openvpn/2.1-rc_9
- version/openvpn/2.1.0
- version/openvpn/2.1.1
- version/openvpn/2.1.2
- version/openvpn/2.1.3
- version/openvpn/2.1.4
- version/openvpn/2.2-beta1
- version/openvpn/2.2-beta2
- version/openvpn/2.2-beta3
- version/openvpn/2.2-beta4
- version/openvpn/2.2-beta5
- version/openvpn/2.2.0
- version/openvpn/2.2.1
- version/openvpn/2.2.2
- version/openvpn/2.3-alpha1
- version/openvpn/2.3-alpha2
- version/openvpn/2.3-alpha3
- version/openvpn/2.3-beta1
- version/openvpn/2.3-rc1
- version/openvpn/2.3-rc2
- version/openvpn/2.3.0
- version/openvpn/2.3.1
- version/openvpn/2.3.2
- version/openvpn/2.3.3
- version/openvpn/2.3.4
- version/openvpn/2.3.5
- version/openvpn/2.0.0
- version/openvpn/2.0.1
- version/openvpn/2.0.2
- version/openvpn/2.0.3
- version/openvpn/2.0.5
- version/openvpn/2.0.6
- version/openvpn/2.0.7
- version/openvpn/2.0.8
- version/openvpn/2.0.10
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/12.04
- version/ubuntu linux/14.04
- version/ubuntu linux/14.10