Jump to content
Carrotcruncher

Secunia PSI is flagging up Open VPN as outdated

Recommended Posts

Have just installed KIS 17 on three computers and find KSN was installed on all of them. Now Secunia PSI is flagging up Open VPN as outdated and needs updating manually. After some poking around I find this is part of KSN, so is this something that will be automatically updated by Kaspersky or do we have to do it. I did find find that there is a critical update for Open VPN available for some vulnerabilities.

Share this post


Link to post
Have just installed KIS 17 on three computers and find KSN was installed on all of them. Now Secunia PSI is flagging up Open VPN as outdated and needs updating manually. After some poking around I find this is part of KSN, so is this something that will be automatically updated by Kaspersky or do we have to do it. I did find find that there is a critical update for Open VPN available for some vulnerabilities.

Hi, Secunia PSI is a separate application and it is not related to KSN.

If there is a vulnerability in program, then the first thing you should do is update it to the latest version.

Share this post


Link to post
Hi, Secunia PSI is a separate application and it is not related to KSN.

If there is a vulnerability in program, then the first thing you should do is update it to the latest version.

 

Yes Sir I know that about Secunia, but OpenVPN is part of Kaspersky secure connection that was installed with KIS 17. So will Kaspersky updated this with the usual updates or do I have to do it myself, and if so, will it cause any problems with KSC??

 

Share this post


Link to post

I finally figured out where OpenVPN is located as well. My solution is going to be uninstalling KIS Secure Connection.

Share this post


Link to post
If there is a vulnerability in program, then the first thing you should do is update it to the latest version.

 

The problem for those users who did not previously and independently install OpenVPN, but for other users too, is that OpenVPN is not listed as an installed program but resides within the Kaspersky folders as "openvpn.exe". Therefore, updating OpenVPN will actually mean installing OpenVPN as a separate entity, while the component which was flagged vulnerable by Flexera/Secunia PSI remains.

 

A user could extract "openvpn.exe" from the updated OpenVPN setup file and replace the component in the Kaspersky folder, but the question is whether this will affect the integrity of Kaspersky Secure Network.

Edited by lmaxmai

Share this post


Link to post
The problem for those users who did not previously and independently install OpenVPN, but for other users too, is that OpenVPN is not listed as an installed program but resides within the Kaspersky folders as "openvpn.exe". Therefore, updating OpenVPN will actually mean installing OpenVPN as a separate entity, while the component which was flagged vulnerable by Flexera/Secunia PSI remains.

 

A user could extract "openvpn.exe" from the updated OpenVPN setup file and replace the component in the Kaspersky folder, but the question is whether this will affect the integrity of Kaspersky Secure Network.

 

Precisely my point but no sensible answer from Kaspersky.

 

Share this post


Link to post

Hello!

Now I understand the issue. Thank you for the details!

 

As we know (issue 1792716) OpenVPN vulnerability relates only to server side. Client side fix does not required.

 

But additionally, could you please provide Secunia link on this vulnerability (to make sure that we are talking about the same issue)?

Thanks.

 

P.S. Indeed, if will be necessary to perform some updates in product's modules (including OpenVPN) - it will be done effectively and asap.

Share this post


Link to post
Discussed the issue with Carrotcruncher via Private messages.

I face the same situation, so I kindly ask you to share any further information with me as well.

Edited by lmaxmai

Share this post


Link to post
I face the same situation, so I kindly ask you to share any further information with me as well.

The same here. This is the Secunia Advisory SA70524 issued 2016-05-11. Since then - now almost 8 months ago - Secunia PSI has been flagging OpenVPN 2.x as a HIGHLY CRITICAL issue. The problem for us users is that this OpenVPN 2.x was distributed with the Kaspersky package (in my case Kaspersky Anti-Virus) and can't be updated separately by us users. It needs to be updated and redistributed by Kaspersky Labs. Please see the 2 attached screenshots.

 

Dear Kaspersky Labs, please provide us with a fix asap! Your reply will be appreciated. Thank you in advance.

post-616174-1483373178_thumb.png

post-616174-1483373186_thumb.png

Share this post


Link to post

Dear Kaspersky Lab, may I ask again for your response? Please let me know if you need any more information.

Edited by Cygnus2112

Share this post


Link to post

Dear Kaspersky Lab, Secunia calls it a "highly critical issue". I don't like to be pushy but... do we have to assume that you don't care?

 

Share this post


Link to post
Dear Kaspersky Lab, Secunia calls it a "highly critical issue". I don't like to be pushy but... do we have to assume that you don't care?

 

Hello Cygnus2112!

 

We know about this issue indicated by Secunia application.

The initial issue(vulnerability) DOES NOT related to client site of the app. Server side of our infrastructutre has been already fixed.

Thus there are no risks to our customers related to this issue.

 

Thank you for the attention!

 

--

P.S. We have informed colleagues about the issue. When the news will be received from them - I will update this thread. Most probably the file will be updated in the next version on KSeC.

Share this post


Link to post

Alright, thank you. Whoever is responsible - I hope this can be resolved asap as this keeps on being flagged by Secunia which is not exactly inspiring confidence.

Share this post


Link to post

Hello,

 

Please check problem with Secunia again. Thanks.

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.