CVE ID: | CVE-2014-0016 |
Description: | stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates. |
Test IDs: | 1.3.6.1.4.1.25623.1.1.10.2014.0144 1.3.6.1.4.1.25623.1.0.121258 |
Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-0016
65964 http://www.securityfocus.com/bid/65964
[oss-security] 20140305 libssh and stunnel PRNG flaws http://www.openwall.com/lists/oss-security/2014/03/05/1
https://bugzilla.redhat.com/attachment.cgi?id=870826&action=diff
https://bugzilla.redhat.com/show_bug.cgi?id=1072180
https://www.stunnel.org/sdf_ChangeLog.html |