CVE-2013-1762

Related Files

Gentoo Linux Security Advisory 201402-08

Posted Feb 7, 2014

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-8 - Multiple vulnerabilities have been found in stunnel, the worst of which may cause a Denial of Service condition. Versions less than 4.56-r1 are affected.

tags | advisory, denial of service, vulnerability

systems | linux, gentoo

advisories | CVE-2012-2686, CVE-2013-0166, CVE-2013-0169, CVE-2013-1762

SHA-256 | 31d749575518e8dbefa0e344dea1c1971b5f9d57ef56cd9eca9f080b0a6ae029

Download | Favorite | View

Debian Security Advisory 2664-1

Posted May 2, 2013

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2664-1 - Stunnel, a program designed to work as an universal SSL tunnel for network daemons, is prone to a buffer overflow vulnerability when using the Microsoft NT LAN Manager (NTLM) authentication ("protocolAuthentication = NTLM") together with the 'connect' protocol method ("protocol = connect"). With these prerequisites and using stunnel4 in SSL client mode ("client = yes") on a 64bit host, an attacker could possibly execute arbitrary code with the privileges of the stunnel process, if the attacker can either control the specified proxy server or perform man-in-the-middle attacks on the tcp session between stunnel and the proxy sever.

tags | advisory, overflow, arbitrary, tcp, protocol

systems | linux, debian

advisories | CVE-2013-1762

SHA-256 | 0be7b3b1982000f18ee3f8dbafa2d404fa383f45824d8da98d0caa83970bc7d4

Download | Favorite | View

Mandriva Linux Security Advisory 2013-130

Posted Apr 11, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-130 - stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.

tags | advisory, remote, overflow, arbitrary, protocol

systems | linux, mandriva

advisories | CVE-2013-1762

SHA-256 | 5820bcf9444903bd1647e9bcc86b61f63e7bd6b55e6ce21f29c6945caf2801a9

Download | Favorite | View

Red Hat Security Advisory 2013-0714-01

Posted Apr 8, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0714-01 - stunnel is a socket wrapper which can provide SSL support to ordinary applications. For example, it can be used in conjunction with imapd to create an SSL-secure IMAP server. An integer conversion issue was found in stunnel when using Microsoft NT LAN Manager authentication with the HTTP CONNECT tunneling method. With this configuration, and using stunnel in SSL client mode on a 64-bit system, an attacker could possibly execute arbitrary code with the privileges of the stunnel process via a man-in-the-middle attack or by tricking a user into using a malicious proxy.

tags | advisory, web, arbitrary, imap

systems | linux, redhat

advisories | CVE-2013-1762

SHA-256 | ae590ecfc6b085e50526809d06c73bd6b37ad1666674476fa467dca52adb7f34

Download | Favorite | View