OpenVPN released an update to respond to the OpenSSL vulnerability described in CVE-2009-3555. OpenVPN has identified a vulnerability caused by an error in OpenSSL which could be exploited by attackers to manipulate certain data and information.
OpenVPN recommend upgrading to version 2.1_rc21 which is available here.
Additional information regarding OpenVPN session renegotiation is available here.
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org
Nov 17th 2009
8 years ago