Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-6329 (GCVE-0-2016-6329)
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 01:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:29:18.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sweet32.info/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
},
{
"name": "1036695",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036695"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
},
{
"name": "GLSA-201611-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.openvpn.net/openvpn/wiki/SWEET32"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
},
{
"name": "92631",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92631"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-09T12:06:03",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sweet32.info/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
},
{
"name": "1036695",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036695"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
},
{
"name": "GLSA-201611-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.openvpn.net/openvpn/wiki/SWEET32"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
},
{
"name": "92631",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92631"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-6329",
"datePublished": "2017-01-31T22:00:00",
"dateReserved": "2016-07-26T00:00:00",
"dateUpdated": "2024-08-06T01:29:18.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2016-6329\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2017-01-31T22:59:00.377\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \\\"Sweet32\\\" attack.\"},{\"lang\":\"es\",\"value\":\"OpenVPN, cuando utiliza un cifrado de bloques de 64 bits, facilita a atacantes remotos obtener datos de texto plano a trav\u00e9s de un ataque birthday contra una sesi\u00f3n encriptada de larga duraci\u00f3n, como lo demuestra una sesi\u00f3n HTTP-over-OpenVPN usando Blowfish en modo CBC, tambi\u00e9n conocido como ataque \\\"Sweet32\\\".\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openvpn:openvpn:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.3.14\",\"matchCriteriaId\":\"2B92389B-7815-40EC-AA21-14154621BFAC\"}]}]}],\"references\":[{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21991482\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21995039\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/92631\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1036695\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://community.openvpn.net/openvpn/wiki/SWEET32\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201611-02\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sweet32.info/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21991482\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21995039\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/92631\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1036695\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://community.openvpn.net/openvpn/wiki/SWEET32\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201611-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sweet32.info/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]}]}}"
}
}
ghsa-w6pr-cm6j-f384
Vulnerability from github
Published
2022-05-14 00:56
Modified
2025-04-20 03:32
Severity ?
VLAI Severity ?
Details
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.
{
"affected": [],
"aliases": [
"CVE-2016-6329"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-31T22:59:00Z",
"severity": "MODERATE"
},
"details": "OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack.",
"id": "GHSA-w6pr-cm6j-f384",
"modified": "2025-04-20T03:32:04Z",
"published": "2022-05-14T00:56:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6329"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"type": "WEB",
"url": "https://community.openvpn.net/openvpn/wiki/SWEET32"
},
{
"type": "WEB",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201611-02"
},
{
"type": "WEB",
"url": "https://sweet32.info"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/92631"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036695"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
ICSA-19-192-04
Vulnerability from csaf_cisa
Published
2019-07-09 00:00
Modified
2019-07-09 00:00
Summary
ICSA-19-192-04 Siemens SIMATIC RF6XXR
Notes
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's TXT advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
General Recommendations
As a general security measure, Siemens strongly recommends to protectnetwork access to devices with appropriate mechanisms. In order tooperate the devices in a protected IT environment, Siemens recommends toconfigure the environment according to Siemens' operational guidelinesfor Industrial Security (Download:https://www.siemens.com/cert/operational-guidelines-industrial-security),and to follow the recommendations in the product manuals.
General Recommendations
Additional information on Industrial Security by Siemens can be foundat: https://www.siemens.com/industrialsecurity
Terms of Use
Siemens Security Advisories are subject to the terms and conditions containedin Siemens' underlying license terms or other applicable agreements previouslyagreed to with Siemens (hereinafter "License Terms"). To the extent applicableto information, software or documentation made available in or through aSiemens Security Advisory, the Terms of Use of Siemens' Global Website(https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), inparticular Sections 8-10 of the Terms of Use, shall apply additionally. In caseof conflicts, the License Terms shall prevail over the Terms of Use.
{
"document": {
"acknowledgments": [
{
"names": [
"Wendy Parrington"
],
"organization": "United Utilities",
"summary": "coordinating disclosure"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s TXT advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protectnetwork access to devices with appropriate mechanisms. In order tooperate the devices in a protected IT environment, Siemens recommends toconfigure the environment according to Siemens\u0027 operational guidelinesfor Industrial Security (Download:https://www.siemens.com/cert/operational-guidelines-industrial-security),and to follow the recommendations in the product manuals.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "Additional information on Industrial Security by Siemens can be foundat: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions containedin Siemens\u0027 underlying license terms or other applicable agreements previouslyagreed to with Siemens (hereinafter \"License Terms\"). To the extent applicableto information, software or documentation made available in or through aSiemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website(https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), inparticular Sections 8-10 of the Terms of Use, shall apply additionally. In caseof conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-556833: TLS Vulnerabilities in SIMATIC RF6XXR",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-556833.txt"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-19-192-04 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/refs/heads/develop/csaf_files/OT/white/2019/icsa-19-192-04.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-19-192-04 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-192-04"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "ICSA-19-192-04 Siemens SIMATIC RF6XXR",
"tracking": {
"current_release_date": "2019-07-09T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-19-192-04",
"initial_release_date": "2019-07-09T00:00:00.000000Z",
"revision_history": [
{
"date": "2019-07-09T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.2.1",
"product": {
"name": "SIMATIC RF615R",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SIMATIC RF615R"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.2.1",
"product": {
"name": "SIMATIC RF68XR",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SIMATIC RF68XR"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-3389",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The SSL protocol encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses e.g. the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API, aka a \"BEAST\" attack. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality of the device.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109768501"
},
{
"category": "vendor_fix",
"details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109768501"
},
{
"category": "mitigation",
"details": "Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Restrict network access to the device to the extent possible",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-6329",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "TLS, when used with a 64-bit block cipher, could allow remote attackers to obtain cleartext data by leveraging a birthday attack against a long-duration encrypted session, aka a \"Sweet32\" attack. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality of the device.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6329"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109768501"
},
{
"category": "vendor_fix",
"details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109768501"
},
{
"category": "mitigation",
"details": "Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Restrict network access to the device to the extent possible",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2013-0169",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"notes": [
{
"category": "summary",
"text": "TLS and DTLS versions 1.1 and 1.2, as used in the affected product, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality of the device.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109768501"
},
{
"category": "vendor_fix",
"details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109768501"
},
{
"category": "mitigation",
"details": "Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Restrict network access to the device to the extent possible",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
icsa-19-192-04
Vulnerability from csaf_cisa
Published
2019-07-09 00:00
Modified
2019-07-09 00:00
Summary
ICSA-19-192-04 Siemens SIMATIC RF6XXR
Notes
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's TXT advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
General Recommendations
As a general security measure, Siemens strongly recommends to protectnetwork access to devices with appropriate mechanisms. In order tooperate the devices in a protected IT environment, Siemens recommends toconfigure the environment according to Siemens' operational guidelinesfor Industrial Security (Download:https://www.siemens.com/cert/operational-guidelines-industrial-security),and to follow the recommendations in the product manuals.
General Recommendations
Additional information on Industrial Security by Siemens can be foundat: https://www.siemens.com/industrialsecurity
Terms of Use
Siemens Security Advisories are subject to the terms and conditions containedin Siemens' underlying license terms or other applicable agreements previouslyagreed to with Siemens (hereinafter "License Terms"). To the extent applicableto information, software or documentation made available in or through aSiemens Security Advisory, the Terms of Use of Siemens' Global Website(https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), inparticular Sections 8-10 of the Terms of Use, shall apply additionally. In caseof conflicts, the License Terms shall prevail over the Terms of Use.
{
"document": {
"acknowledgments": [
{
"names": [
"Wendy Parrington"
],
"organization": "United Utilities",
"summary": "coordinating disclosure"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s TXT advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protectnetwork access to devices with appropriate mechanisms. In order tooperate the devices in a protected IT environment, Siemens recommends toconfigure the environment according to Siemens\u0027 operational guidelinesfor Industrial Security (Download:https://www.siemens.com/cert/operational-guidelines-industrial-security),and to follow the recommendations in the product manuals.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "Additional information on Industrial Security by Siemens can be foundat: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions containedin Siemens\u0027 underlying license terms or other applicable agreements previouslyagreed to with Siemens (hereinafter \"License Terms\"). To the extent applicableto information, software or documentation made available in or through aSiemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website(https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), inparticular Sections 8-10 of the Terms of Use, shall apply additionally. In caseof conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-556833: TLS Vulnerabilities in SIMATIC RF6XXR",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-556833.txt"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-19-192-04 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/refs/heads/develop/csaf_files/OT/white/2019/icsa-19-192-04.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-19-192-04 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-192-04"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "ICSA-19-192-04 Siemens SIMATIC RF6XXR",
"tracking": {
"current_release_date": "2019-07-09T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-19-192-04",
"initial_release_date": "2019-07-09T00:00:00.000000Z",
"revision_history": [
{
"date": "2019-07-09T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.2.1",
"product": {
"name": "SIMATIC RF615R",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SIMATIC RF615R"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.2.1",
"product": {
"name": "SIMATIC RF68XR",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SIMATIC RF68XR"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-3389",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The SSL protocol encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses e.g. the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API, aka a \"BEAST\" attack. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality of the device.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109768501"
},
{
"category": "vendor_fix",
"details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109768501"
},
{
"category": "mitigation",
"details": "Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Restrict network access to the device to the extent possible",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-6329",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "TLS, when used with a 64-bit block cipher, could allow remote attackers to obtain cleartext data by leveraging a birthday attack against a long-duration encrypted session, aka a \"Sweet32\" attack. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality of the device.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6329"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109768501"
},
{
"category": "vendor_fix",
"details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109768501"
},
{
"category": "mitigation",
"details": "Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Restrict network access to the device to the extent possible",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2013-0169",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"notes": [
{
"category": "summary",
"text": "TLS and DTLS versions 1.1 and 1.2, as used in the affected product, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality of the device.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109768501"
},
{
"category": "vendor_fix",
"details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109768501"
},
{
"category": "mitigation",
"details": "Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Restrict network access to the device to the extent possible",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
fkie_cve-2016-6329
Vulnerability from fkie_nvd
Published
2017-01-31 22:59
Modified
2025-04-20 01:37
Severity ?
Summary
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B92389B-7815-40EC-AA21-14154621BFAC",
"versionEndIncluding": "2.3.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack."
},
{
"lang": "es",
"value": "OpenVPN, cuando utiliza un cifrado de bloques de 64 bits, facilita a atacantes remotos obtener datos de texto plano a trav\u00e9s de un ataque birthday contra una sesi\u00f3n encriptada de larga duraci\u00f3n, como lo demuestra una sesi\u00f3n HTTP-over-OpenVPN usando Blowfish en modo CBC, tambi\u00e9n conocido como ataque \"Sweet32\"."
}
],
"id": "CVE-2016-6329",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-31T22:59:00.377",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92631"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036695"
},
{
"source": "secalert@redhat.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://community.openvpn.net/openvpn/wiki/SWEET32"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201611-02"
},
{
"source": "secalert@redhat.com",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://sweet32.info/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://community.openvpn.net/openvpn/wiki/SWEET32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201611-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://sweet32.info/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cnvd-2016-06784
Vulnerability from cnvd
Title: OpenVPN信息泄露漏洞
Description:
OpenVPN是美国OpenVPN公司的一个用于创建虚拟专用网络(VPN)加密通道的软件包,它使用OpenSSL库来加密数据与控制信息,并允许创建的VPN使用公开密钥、电子证书、或者用户名/密码来进行身份验证。
OpenVPN中存在信息泄露漏洞。攻击者可利用该漏洞获取敏感信息。
Severity: 中
Formal description:
目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法: http://openvpn.net/
Reference: http://www.securityfocus.com/bid/92631
Impacted products
| Name | OpenVPN Openvpn |
|---|
{
"bids": {
"bid": {
"bidNumber": "92631"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2016-6329"
}
},
"description": "OpenVPN\u662f\u7f8e\u56fdOpenVPN\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4e8e\u521b\u5efa\u865a\u62df\u4e13\u7528\u7f51\u7edc\uff08VPN\uff09\u52a0\u5bc6\u901a\u9053\u7684\u8f6f\u4ef6\u5305\uff0c\u5b83\u4f7f\u7528OpenSSL\u5e93\u6765\u52a0\u5bc6\u6570\u636e\u4e0e\u63a7\u5236\u4fe1\u606f\uff0c\u5e76\u5141\u8bb8\u521b\u5efa\u7684VPN\u4f7f\u7528\u516c\u5f00\u5bc6\u94a5\u3001\u7535\u5b50\u8bc1\u4e66\u3001\u6216\u8005\u7528\u6237\u540d/\u5bc6\u7801\u6765\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\r\n\r\nOpenVPN\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
"discovererName": "Karthik Bhargavan and Gaetan Leurent from Inria.",
"formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a \r\nhttp://openvpn.net/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-06784",
"openTime": "2016-08-27",
"products": {
"product": "OpenVPN Openvpn"
},
"referenceLink": "http://www.securityfocus.com/bid/92631",
"serverity": "\u4e2d",
"submitTime": "2016-08-26",
"title": "OpenVPN\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
suse-su-2017:1622-1
Vulnerability from csaf_suse
Published
2017-06-20 06:39
Modified
2017-06-20 06:39
Summary
Security update for openvpn
Notes
Title of the patch
Security update for openvpn
Description of the patch
This update for openvpn fixes the following issues:
- CVE-2016-6329: Show which ciphers should no longer be used in openvpn --show-ciphers (bsc#995374)
- CVE-2017-7478: openvpn: Authenticated user can DoS server by using a big payload in P_CONTROL (bsc#1038709)
- CVE-2017-7479: openvpn: Denial of Service due to Exhaustion of Packet-ID counter (bsc#1038711)
- Hardening measures found by internal audit (bsc#1038713)
Patchnames
SUSE-SLE-DESKTOP-12-SP2-2017-998,SUSE-SLE-RPI-12-SP2-2017-998,SUSE-SLE-SERVER-12-SP2-2017-998
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openvpn",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openvpn fixes the following issues:\n\n- CVE-2016-6329: Show which ciphers should no longer be used in openvpn --show-ciphers (bsc#995374)\n- CVE-2017-7478: openvpn: Authenticated user can DoS server by using a big payload in P_CONTROL (bsc#1038709)\n- CVE-2017-7479: openvpn: Denial of Service due to Exhaustion of Packet-ID counter (bsc#1038711)\n- Hardening measures found by internal audit (bsc#1038713)\n\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP2-2017-998,SUSE-SLE-RPI-12-SP2-2017-998,SUSE-SLE-SERVER-12-SP2-2017-998",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_1622-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:1622-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171622-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:1622-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-June/002964.html"
},
{
"category": "self",
"summary": "SUSE Bug 1038709",
"url": "https://bugzilla.suse.com/1038709"
},
{
"category": "self",
"summary": "SUSE Bug 1038711",
"url": "https://bugzilla.suse.com/1038711"
},
{
"category": "self",
"summary": "SUSE Bug 1038713",
"url": "https://bugzilla.suse.com/1038713"
},
{
"category": "self",
"summary": "SUSE Bug 995374",
"url": "https://bugzilla.suse.com/995374"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6329 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6329/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7478 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7478/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7479 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7479/"
}
],
"title": "Security update for openvpn",
"tracking": {
"current_release_date": "2017-06-20T06:39:38Z",
"generator": {
"date": "2017-06-20T06:39:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:1622-1",
"initial_release_date": "2017-06-20T06:39:38Z",
"revision_history": [
{
"date": "2017-06-20T06:39:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "openvpn-2.3.8-16.14.1.aarch64",
"product": {
"name": "openvpn-2.3.8-16.14.1.aarch64",
"product_id": "openvpn-2.3.8-16.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"product": {
"name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"product_id": "openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openvpn-2.3.8-16.14.1.ppc64le",
"product": {
"name": "openvpn-2.3.8-16.14.1.ppc64le",
"product_id": "openvpn-2.3.8-16.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"product": {
"name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"product_id": "openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openvpn-2.3.8-16.14.1.s390x",
"product": {
"name": "openvpn-2.3.8-16.14.1.s390x",
"product_id": "openvpn-2.3.8-16.14.1.s390x"
}
},
{
"category": "product_version",
"name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"product": {
"name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"product_id": "openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openvpn-2.3.8-16.14.1.x86_64",
"product": {
"name": "openvpn-2.3.8-16.14.1.x86_64",
"product_id": "openvpn-2.3.8-16.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64",
"product": {
"name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64",
"product_id": "openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.3.8-16.14.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1.x86_64"
},
"product_reference": "openvpn-2.3.8-16.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.3.8-16.14.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1.aarch64"
},
"product_reference": "openvpn-2.3.8-16.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64"
},
"product_reference": "openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.3.8-16.14.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.aarch64"
},
"product_reference": "openvpn-2.3.8-16.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.3.8-16.14.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.ppc64le"
},
"product_reference": "openvpn-2.3.8-16.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.3.8-16.14.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.s390x"
},
"product_reference": "openvpn-2.3.8-16.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.3.8-16.14.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.x86_64"
},
"product_reference": "openvpn-2.3.8-16.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64"
},
"product_reference": "openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le"
},
"product_reference": "openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x"
},
"product_reference": "openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64"
},
"product_reference": "openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.3.8-16.14.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.aarch64"
},
"product_reference": "openvpn-2.3.8-16.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.3.8-16.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.ppc64le"
},
"product_reference": "openvpn-2.3.8-16.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.3.8-16.14.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.s390x"
},
"product_reference": "openvpn-2.3.8-16.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.3.8-16.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.x86_64"
},
"product_reference": "openvpn-2.3.8-16.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64"
},
"product_reference": "openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le"
},
"product_reference": "openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x"
},
"product_reference": "openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64"
},
"product_reference": "openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-6329",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6329"
}
],
"notes": [
{
"category": "general",
"text": "OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6329",
"url": "https://www.suse.com/security/cve/CVE-2016-6329"
},
{
"category": "external",
"summary": "SUSE Bug 1026864 for CVE-2016-6329",
"url": "https://bugzilla.suse.com/1026864"
},
{
"category": "external",
"summary": "SUSE Bug 995374 for CVE-2016-6329",
"url": "https://bugzilla.suse.com/995374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-20T06:39:38Z",
"details": "moderate"
}
],
"title": "CVE-2016-6329"
},
{
"cve": "CVE-2017-7478",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7478"
}
],
"notes": [
{
"category": "general",
"text": "OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7478",
"url": "https://www.suse.com/security/cve/CVE-2017-7478"
},
{
"category": "external",
"summary": "SUSE Bug 1038709 for CVE-2017-7478",
"url": "https://bugzilla.suse.com/1038709"
},
{
"category": "external",
"summary": "SUSE Bug 1038713 for CVE-2017-7478",
"url": "https://bugzilla.suse.com/1038713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-20T06:39:38Z",
"details": "important"
}
],
"title": "CVE-2017-7478"
},
{
"cve": "CVE-2017-7479",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7479"
}
],
"notes": [
{
"category": "general",
"text": "OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7479",
"url": "https://www.suse.com/security/cve/CVE-2017-7479"
},
{
"category": "external",
"summary": "SUSE Bug 1038711 for CVE-2017-7479",
"url": "https://bugzilla.suse.com/1038711"
},
{
"category": "external",
"summary": "SUSE Bug 1038713 for CVE-2017-7479",
"url": "https://bugzilla.suse.com/1038713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-20T06:39:38Z",
"details": "moderate"
}
],
"title": "CVE-2017-7479"
}
]
}
suse-su-2017:2838-1
Vulnerability from csaf_suse
Published
2017-10-24 09:59
Modified
2017-10-24 09:59
Summary
Security update for openvpn
Notes
Title of the patch
Security update for openvpn
Description of the patch
This update for openvpn fixes the following security issues:
- CVE-2017-12166: OpenVPN was vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. (bsc#1060877).
- CVE-2016-6329: Now show which ciphers should no longer be used in openvpn --show-ciphers to avoid the SWEET32 attack (bsc#995374)
- CVE-2017-7478: OpenVPN was vulnerable to unauthenticated Denial of Service of server via received large control packet. (bsc#1038709)
- CVE-2017-7479: OpenVPN was vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. (bsc#1038711)
- Some other hardening fixes have also been applied (bsc#1038713)
Patchnames
sleposp3-openvpn-13322,slessp3-openvpn-13322,slessp4-openvpn-13322
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openvpn",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThis update for openvpn fixes the following security issues:\n\n- CVE-2017-12166: OpenVPN was vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. (bsc#1060877).\n- CVE-2016-6329: Now show which ciphers should no longer be used in openvpn --show-ciphers to avoid the SWEET32 attack (bsc#995374)\n- CVE-2017-7478: OpenVPN was vulnerable to unauthenticated Denial of Service of server via received large control packet. (bsc#1038709)\n- CVE-2017-7479: OpenVPN was vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. (bsc#1038711)\n- Some other hardening fixes have also been applied (bsc#1038713)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleposp3-openvpn-13322,slessp3-openvpn-13322,slessp4-openvpn-13322",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2838-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:2838-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172838-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:2838-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-October/003351.html"
},
{
"category": "self",
"summary": "SUSE Bug 1038709",
"url": "https://bugzilla.suse.com/1038709"
},
{
"category": "self",
"summary": "SUSE Bug 1038711",
"url": "https://bugzilla.suse.com/1038711"
},
{
"category": "self",
"summary": "SUSE Bug 1038713",
"url": "https://bugzilla.suse.com/1038713"
},
{
"category": "self",
"summary": "SUSE Bug 1060877",
"url": "https://bugzilla.suse.com/1060877"
},
{
"category": "self",
"summary": "SUSE Bug 995374",
"url": "https://bugzilla.suse.com/995374"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6329 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6329/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12166 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7478 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7478/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7479 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7479/"
}
],
"title": "Security update for openvpn",
"tracking": {
"current_release_date": "2017-10-24T09:59:40Z",
"generator": {
"date": "2017-10-24T09:59:40Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:2838-1",
"initial_release_date": "2017-10-24T09:59:40Z",
"revision_history": [
{
"date": "2017-10-24T09:59:40Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "openvpn-2.0.9-143.47.3.1.i586",
"product": {
"name": "openvpn-2.0.9-143.47.3.1.i586",
"product_id": "openvpn-2.0.9-143.47.3.1.i586"
}
},
{
"category": "product_version",
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"product": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"product_id": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openvpn-2.0.9-143.47.3.1.ia64",
"product": {
"name": "openvpn-2.0.9-143.47.3.1.ia64",
"product_id": "openvpn-2.0.9-143.47.3.1.ia64"
}
},
{
"category": "product_version",
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"product": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"product_id": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "openvpn-2.0.9-143.47.3.1.ppc64",
"product": {
"name": "openvpn-2.0.9-143.47.3.1.ppc64",
"product_id": "openvpn-2.0.9-143.47.3.1.ppc64"
}
},
{
"category": "product_version",
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"product": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"product_id": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "openvpn-2.0.9-143.47.3.1.s390x",
"product": {
"name": "openvpn-2.0.9-143.47.3.1.s390x",
"product_id": "openvpn-2.0.9-143.47.3.1.s390x"
}
},
{
"category": "product_version",
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"product": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"product_id": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openvpn-2.0.9-143.47.3.1.x86_64",
"product": {
"name": "openvpn-2.0.9-143.47.3.1.x86_64",
"product_id": "openvpn-2.0.9-143.47.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"product": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"product_id": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-pos:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles_ltss:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:11:sp3:teradata"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.0.9-143.47.3.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586"
},
"product_reference": "openvpn-2.0.9-143.47.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586"
},
"product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.0.9-143.47.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586"
},
"product_reference": "openvpn-2.0.9-143.47.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.0.9-143.47.3.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x"
},
"product_reference": "openvpn-2.0.9-143.47.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.0.9-143.47.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64"
},
"product_reference": "openvpn-2.0.9-143.47.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586"
},
"product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x"
},
"product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64"
},
"product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.0.9-143.47.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586"
},
"product_reference": "openvpn-2.0.9-143.47.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.0.9-143.47.3.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x"
},
"product_reference": "openvpn-2.0.9-143.47.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.0.9-143.47.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64"
},
"product_reference": "openvpn-2.0.9-143.47.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586"
},
"product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x"
},
"product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64"
},
"product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.0.9-143.47.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586"
},
"product_reference": "openvpn-2.0.9-143.47.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.0.9-143.47.3.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64"
},
"product_reference": "openvpn-2.0.9-143.47.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.0.9-143.47.3.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64"
},
"product_reference": "openvpn-2.0.9-143.47.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.0.9-143.47.3.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x"
},
"product_reference": "openvpn-2.0.9-143.47.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.0.9-143.47.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64"
},
"product_reference": "openvpn-2.0.9-143.47.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586"
},
"product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64"
},
"product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64"
},
"product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x"
},
"product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64"
},
"product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.0.9-143.47.3.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586"
},
"product_reference": "openvpn-2.0.9-143.47.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.0.9-143.47.3.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64"
},
"product_reference": "openvpn-2.0.9-143.47.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.0.9-143.47.3.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64"
},
"product_reference": "openvpn-2.0.9-143.47.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.0.9-143.47.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x"
},
"product_reference": "openvpn-2.0.9-143.47.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-2.0.9-143.47.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64"
},
"product_reference": "openvpn-2.0.9-143.47.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586"
},
"product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64"
},
"product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64"
},
"product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x"
},
"product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64"
},
"product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-6329",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6329"
}
],
"notes": [
{
"category": "general",
"text": "OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6329",
"url": "https://www.suse.com/security/cve/CVE-2016-6329"
},
{
"category": "external",
"summary": "SUSE Bug 1026864 for CVE-2016-6329",
"url": "https://bugzilla.suse.com/1026864"
},
{
"category": "external",
"summary": "SUSE Bug 995374 for CVE-2016-6329",
"url": "https://bugzilla.suse.com/995374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-24T09:59:40Z",
"details": "moderate"
}
],
"title": "CVE-2016-6329"
},
{
"cve": "CVE-2017-12166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12166"
}
],
"notes": [
{
"category": "general",
"text": "OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12166",
"url": "https://www.suse.com/security/cve/CVE-2017-12166"
},
{
"category": "external",
"summary": "SUSE Bug 1060877 for CVE-2017-12166",
"url": "https://bugzilla.suse.com/1060877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-24T09:59:40Z",
"details": "critical"
}
],
"title": "CVE-2017-12166"
},
{
"cve": "CVE-2017-7478",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7478"
}
],
"notes": [
{
"category": "general",
"text": "OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7478",
"url": "https://www.suse.com/security/cve/CVE-2017-7478"
},
{
"category": "external",
"summary": "SUSE Bug 1038709 for CVE-2017-7478",
"url": "https://bugzilla.suse.com/1038709"
},
{
"category": "external",
"summary": "SUSE Bug 1038713 for CVE-2017-7478",
"url": "https://bugzilla.suse.com/1038713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-24T09:59:40Z",
"details": "important"
}
],
"title": "CVE-2017-7478"
},
{
"cve": "CVE-2017-7479",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7479"
}
],
"notes": [
{
"category": "general",
"text": "OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7479",
"url": "https://www.suse.com/security/cve/CVE-2017-7479"
},
{
"category": "external",
"summary": "SUSE Bug 1038711 for CVE-2017-7479",
"url": "https://bugzilla.suse.com/1038711"
},
{
"category": "external",
"summary": "SUSE Bug 1038713 for CVE-2017-7479",
"url": "https://bugzilla.suse.com/1038713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-24T09:59:40Z",
"details": "moderate"
}
],
"title": "CVE-2017-7479"
}
]
}
gsd-2016-6329
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-6329",
"description": "OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack.",
"id": "GSD-2016-6329",
"references": [
"https://www.suse.com/security/cve/CVE-2016-6329.html",
"https://ubuntu.com/security/CVE-2016-6329",
"https://advisories.mageia.org/CVE-2016-6329.html",
"https://alas.aws.amazon.com/cve/html/CVE-2016-6329.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-6329"
],
"details": "OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack.",
"id": "GSD-2016-6329",
"modified": "2023-12-13T01:21:23.561850Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sweet32.info/",
"refsource": "MISC",
"url": "https://sweet32.info/"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"refsource": "MISC",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697",
"refsource": "MISC",
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482",
"refsource": "MISC",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403",
"refsource": "MISC",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
},
{
"name": "http://www.securityfocus.com/bid/92631",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/92631"
},
{
"name": "http://www.securitytracker.com/id/1036695",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1036695"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"name": "https://community.openvpn.net/openvpn/wiki/SWEET32",
"refsource": "MISC",
"url": "https://community.openvpn.net/openvpn/wiki/SWEET32"
},
{
"name": "https://security.gentoo.org/glsa/201611-02",
"refsource": "MISC",
"url": "https://security.gentoo.org/glsa/201611-02"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.3.14",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6329"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
},
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sweet32.info/",
"refsource": "MISC",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://sweet32.info/"
},
{
"name": "GLSA-201611-02",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201611-02"
},
{
"name": "https://community.openvpn.net/openvpn/wiki/SWEET32",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://community.openvpn.net/openvpn/wiki/SWEET32"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697",
"refsource": "CONFIRM",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
},
{
"name": "1036695",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036695"
},
{
"name": "92631",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92631"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf",
"refsource": "CONFIRM",
"tags": [],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-07-09T13:15Z",
"publishedDate": "2017-01-31T22:59Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…