Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - OpenVPN Fixed OpenSSL Session Renegotiation Issue InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

OpenVPN Fixed OpenSSL Session Renegotiation Issue

Published: 2009-11-17
Last Updated: 2009-11-17 14:59:46 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

OpenVPN released an update to respond to the OpenSSL vulnerability described in CVE-2009-3555. OpenVPN has identified a vulnerability caused by an error in OpenSSL which could be exploited by attackers to manipulate certain data and information.

OpenVPN recommend upgrading to version 2.1_rc21 which is available here.

Additional information regarding OpenVPN session renegotiation is available here.

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

Keywords: OpenVPN
0 comment(s)
Diary Archives