Download OpenVPN 2.0.4

OpenVPN is a robust and easy to set up SSL VPN daemon that connects different private networks through an encrypted tunnel over the internet. For security, the OpenSSL library is used with which all encryption, authentication and certification can be handled. Recently version 2.0.4 is already available with the following changes since the last entry in the muck tracker:

Version 2.0.4:

• Security fix — Affects non-Windows OpenVPN clients of version 2.0 or higher which connect to a malicious or compromised server. A format string vulnerability in the foreign_option function in options.c could potentially allow a malicious or compromised server to execute arbitrary code on the client. Only non-Windows clients are affected. The vulnerability only exists if (a) the client’s TLS negotiation with the server succeeds, (b) the server is malicious or has been compromised such that it is configured to push a maliciously crafted options string to the client, and (c) the client indicates its willingness to accept pushed options from the server by having “pull” or “client” in its configuration file (Credit: Vade79). CVE-2005-3393
• Security fix — Potential DoS vulnerability on the server in TCP mode. If the TCP server accept() call returns an error status, the resulting exception handler may attempt to indirectly through a NULL pointer, causing a segfault. Affects all OpenVPN 2.0 versions. CVE-2005-3409
• Fix attempt of assertion at multi.c:1586 (note that this precise line number will vary across different versions of OpenVPN).
• Added “.PHONY: plugin” to Makefile.am to work around “make dist” issue.
• Fixed double fork issue that occurs when –management-hold is used.
• Moved TUN/TAP read/write log messages from –verb 8 to 6.
• Warn when multiple clients having the same common name or username usurp each other when –duplicate-cn is not used.
• Modified Windows and Linux versions of get_default_gateway to return the route with the smallest metric if multiple 0.0.0.0/0.0.0.0 entries are present.

Version 2.0.3-rc1:

• openvpn_plugin_abort_v1 function wasn’t being properly registered on Windows.
• Fixed a bug where –mode server –proto tcp-server –cipher none operation could cause tunnel packet truncation.

Version 2.0.2:

No change from 2.0.2-rc1.

Version 2.0.2-rc1:

• Fixed regression bug in Win32 installer, introduced in 2.0.1, which incorrectly set OpenVPN service to autostart.
• Don’t package source code zip file in Windows installer in order to reduce the size of the installer. The source zip file can always be downloaded separately if needed.
• Fixed bug in route.c in FreeBSD, Darwin, OpenBSD and NetBSD version of get_default_gateway. Allocated socket for route manipulation is never freed so number of mbufs continuously grow and exhaust system resources after a while (Jaroslav Klaus).
• Fixed bug where “–proto tcp-server –mode p2p –management host port” would cause the management port to not respond until the OpenVPN peer connects.
• Modified pkitool script to be /bin/sh compatible (Johnny Lam).

Version 2.0.1:

• Security Fix — DoS attack against server when run with “verb 0” and without “tls-auth”. If a client connection to the server fails certificate verification, the OpenSSL error queue is not properly flushed, which can result in another unrelated client instance on the server seeing the error and responding to it, resulting in disconnection of the unrelated client (CAN-2005 -2531).
• Security Fix — DoS attack against server by authenticated client. This bug presents a potential DoS attack vector against the server which can only be initiated by a connected and authenticated client. If the client sends a packet which fails to decrypt on the server, the OpenSSL error queue is not properly flushed, which can result in another unrelated client instance on the server seeing the error and responding to it, resulting in disconnection of the unrelated client ( CAN-2005-2532).
• Security Fix — DoS attack against server by authenticated client. A malicious client in “dev tap” ethernet bridging mode could theoretically flood the server with packets appearing to come from hundreds of thousands of different MAC addresses, causing the OpenVPN process to deplete system virtual memory as it expands its internal routing table. A –max-routes-per-client directive has been added (default=256) to limit the maximum number of routes in OpenVPN’s internal routing table which can be associated with a given client (CAN-2005-2533).
• Security Fix — DoS attack against server by authenticated client. If two or more client machines try to connect to the server at the same time via TCP, using the same client certificate, and when –duplicate-cn is not enabled on the server, a race condition can crash the server with “Assertion failed at mtcp.c:411” (CAN-2005-2534).
• Fixed server bug where under certain circumstances, the client instance object deletion function would try to delete iroutes which had never been added in the first place, triggering “Assertion failed at mroute.c:349”.
• Added –auth-retry option to prevent auth errors from being fatal on the client side, and to permit username/password requeries in case of error. Also controllable via new “auth-retry” management interface command. See manual page for more info.
• Added easy-rsa 2.0 scripts to the tarball in easy-rsa/2.0
• Fixed bug in openvpn.spec where rpmbuild –define ‘without_pam 1’ would fail to build.
• Implement “make check” to perform loopback tests (Matthias Andree).