Red Hat Local Security Checks : RedHat Security Advisory RHSA-2003:297

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51014

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2003:297

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2003:297.

Stunnel is a wrapper for network connections. It can be used to tunnel an
unencrypted network connection over an encrypted connection (encrypted
using SSL or TLS) or to provide an encrypted means of connecting to
services that do not natively support encryption.

A previous advisory provided updated packages to address re-entrancy
problems in stunnel's signal-handling routines. These updates did not
address other bugs that were found by Steve Grubb, and introduced an
additional bug, which was fixed in stunnel 3.26.

All users should upgrade to these errata packages, which address these
issues by updating stunnel to version 3.26.

NOTE: After upgrading, any instances of stunnel configured to run in daemon
mode should be restarted, and any active network connections that are
currently being serviced by stunnel should be terminated and reestablished.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2003-297.html
http://marc.theaimsgroup.com/?l=stunnel-users&m=105980139926784
http://marc.theaimsgroup.com/?l=stunnel-users&m=106221975232250
http://marc.theaimsgroup.com/?l=bugtraq&m=106260760211958

Risk factor : Medium

CVSS Score:
4.6

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0740
Bugtraq: 20030903 Stunnel-3.x Daemon Hijacking (Google Search)
http://marc.info/?l=bugtraq&m=106260760211958&w=2
Conectiva Linux advisory: CLA-2003:736
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000736
http://www.mandriva.com/security/advisories?name=MDKSA-2003:108
http://www.redhat.com/support/errata/RHSA-2003-297.html

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51014
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2003:297
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2003:297. Stunnel is a wrapper for network connections. It can be used to tunnel an unencrypted network connection over an encrypted connection (encrypted using SSL or TLS) or to provide an encrypted means of connecting to services that do not natively support encryption. A previous advisory provided updated packages to address re-entrancy problems in stunnel's signal-handling routines. These updates did not address other bugs that were found by Steve Grubb, and introduced an additional bug, which was fixed in stunnel 3.26. All users should upgrade to these errata packages, which address these issues by updating stunnel to version 3.26. NOTE: After upgrading, any instances of stunnel configured to run in daemon mode should be restarted, and any active network connections that are currently being serviced by stunnel should be terminated and reestablished. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2003-297.html http://marc.theaimsgroup.com/?l=stunnel-users&m=105980139926784 http://marc.theaimsgroup.com/?l=stunnel-users&m=106221975232250 http://marc.theaimsgroup.com/?l=bugtraq&m=106260760211958 Risk factor : Medium CVSS Score: 4.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0740 Bugtraq: 20030903 Stunnel-3.x Daemon Hijacking (Google Search) http://marc.info/?l=bugtraq&m=106260760211958&w=2 Conectiva Linux advisory: CLA-2003:736 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000736 http://www.mandriva.com/security/advisories?name=MDKSA-2003:108 http://www.redhat.com/support/errata/RHSA-2003-297.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com