CVE-2005-2533

Name of the Vulnerable Software and Affected Versions OpenVPN versions prior to 2.0.1

Description The issue concerns multiple vulnerabilities in the OpenVPN package in Debian GNU/Linux, which can lead to disruption of protected information availability. These vulnerabilities can be exploited remotely. Specifically, when OpenVPN is running in "dev tap" Ethernet bridging mode, remote authenticated clients can cause a denial of service (memory exhaustion) by flooding the system with packets containing a large number of spoofed MAC addresses.

Recommendations For OpenVPN versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "dev tap" mode to minimize the risk of exploitation.