Test ID: 1.3.6.1.4.1.25623.1.0.51456
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2003:736
Summary: NOSUMMARY

Description:

The remote host is missing updates announced in advisory CLA-2003:736.

Stunnel is a wrapper for network connections. It can be used to tunnel an unencrypted network connection over a secure connection (encrypted using SSL or TLS) or to provide a secure means of connecting to services that do not natively support encryption.

This update fixes two vulnerabilities that affect stunnel versions shipped with Conectiva Linux:

1. SIGCHLD Denial of Service (CVE-2002-1563)[1]
Henrik Eriksson found[2] a race in the code that handles the SIGCHLD signal. This vulnerability affects stunnel when configured to listen for incoming connections (instead of being invoked by inetd) and to start a new child process to handle each new connection. A remote attacker can exploit this vulnerability to bring the tunneled service down.

2. File descriptor leak (CVE-2003-0740)[3]
Steve Grubb found[4] a file descriptor leak vulnerability in versions prior to 3.26 of stunnel that allows a local attacker to hijack the stunnel server.

Since this update brings a new version of stunnel (3.26), several other fixes and minor changes are included as well[5].

Solution:

The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade'.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1563
http://marc.theaimsgroup.com/?l=stunnel-users&m=103600188215117&w=2
http://www.securityfocus.com/archive/1/335996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0740
http://www.stunnel.org/news/
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:736
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor: Medium
CVSS Score: 4.6

Cross-Ref:

Common Vulnerability Exposure (CVE) ID: CVE-2002-1563
BugTraq ID: 6592
http://www.securityfocus.com/bid/6592
Bugtraq: 20030112 SIGCHLD problem in Stunnel (Google Search)
http://marc.info/?l=bugtraq&m=104247606910598
Conectiva Linux advisory: CLA-2003:736
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000736
En Garde Linux Advisory: ESA-20030806-020
http://www.linuxsecurity.com/advisories/engarde_advisory-3535.html
http://marc.info/?l=stunnel-users&m=103600188215117&w=2
http://www.redhat.com/support/errata/RHSA-2003-221.html
http://www.redhat.com/support/errata/RHSA-2003-223.html
http://marc.info/?l=bugtraq&m=106029168514511&w=2

Common Vulnerability Exposure (CVE) ID: CVE-2003-0740
Bugtraq: 20030903 Stunnel-3.x Daemon Hijacking (Google Search)
http://marc.info/?l=bugtraq&m=106260760211958&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2003:108
http://www.redhat.com/support/errata/RHSA-2003-297.html

Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com