Executive Summary
Summary | |
---|---|
Title | stunnel4 security update |
Information | |||
---|---|---|---|
Name | DSA-2664 | First vendor Publication | 2013-05-02 |
Vendor | Debian | Last vendor Modification | 2013-05-02 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.6 | Attack Range | Network |
Cvss Impact Score | 8.5 | Attack Complexity | High |
Cvss Exploit Score | 4.9 | Authentication | None Required |
Detail
Stunnel, a program designed to work as a universal SSL tunnel for network daemons, is prone to a buffer overflow vulnerability when using Microsoft NT LAN Manager (NTLM) authentication ("protocolAuthentication = NTLM") together with the 'connect' protocol method ("protocol = connect"). With these prerequisites, and using stunnel4 in SSL client mode ("client = yes") on a 64-bit host, an attacker could possibly execute arbitrary code with the privileges of the stunnel process if the attacker can either control the specified proxy server or perform man-in-the-middle attacks on the TCP session between stunnel and the proxy server.

Note that for the testing distribution (wheezy) and the unstable distribution (sid), stunnel4 is compiled with stack smashing protection enabled, which should help protect against arbitrary code execution.

For the stable distribution (squeeze), this problem has been fixed in version 3:4.29-1+squeeze1. For the testing distribution (wheezy), this problem has been fixed in version 3:4.53-1.1. For the unstable distribution (sid), this problem has been fixed in version 3:4.53-1.1.

We recommend that you upgrade your stunnel4 packages.
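To find which services on a host meet the configuration prerequisites named in the Detail text, the following added example (not part of the advisory or of stunnel) parses a stunnel configuration and lists the service sections where all three settings are in effect. It assumes that options set before the first `[section]` act as defaults for every service and that option names and these values are matched case-insensitively; the sample configuration is constructed, and the script checks neither the installed package version nor the host word size.

```python
import re

# The three settings the advisory names as prerequisites.
# Keys and values are compared in lower case (assumed case-insensitive).
RISKY = {"protocol": "connect", "protocolauthentication": "ntlm", "client": "yes"}

def parse_stunnel_conf(text):
    """Return {section: {option: value}}; options before any [section] go under None."""
    sections = {None: {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
            sections.setdefault(current, {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            sections[current][key.strip().lower()] = value.strip().lower()
    return sections

def exposed_services(text):
    """Names of services whose effective settings match every prerequisite."""
    sections = parse_stunnel_conf(text)
    defaults = sections[None]                    # assumed to be inherited by services
    hits = []
    for name, opts in sections.items():
        if name is None:
            continue
        effective = {**defaults, **opts}         # per-service values override defaults
        if all(effective.get(k) == v for k, v in RISKY.items()):
            hits.append(name)
    return hits

# Constructed sample configuration (hypothetical hosts and service names).
SAMPLE = """\
; global defaults
client = yes
[via-proxy]
connect = proxy.example:3128
protocol = connect
protocolAuthentication = NTLM
protocolHost = backend.example:443
[basic-proxy]
connect = proxy.example:3128
protocol = connect
protocolAuthentication = basic
[server-side]
client = no
accept = 443
"""

if __name__ == "__main__":
    print(exposed_services(SAMPLE))
```

A service reported here still needs the package version compared against the fixed versions listed above before it is treated as vulnerable.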
Original Source
Url : http://www.debian.org/security/2013/dsa-2664 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:20019 | |||
Oval ID: | oval:org.mitre.oval:def:20019 | ||
Title: | DSA-2664-1 stunnel4 - buffer overflow | ||
Description: | Stunnel, a program designed to work as a universal SSL tunnel for network daemons, is prone to a buffer overflow vulnerability when using Microsoft NT LAN Manager (NTLM) authentication ("protocolAuthentication = NTLM") together with the "connect" protocol method ("protocol = connect"). With these prerequisites, and using stunnel4 in SSL client mode ("client = yes") on a 64-bit host, an attacker could possibly execute arbitrary code with the privileges of the stunnel process if the attacker can either control the specified proxy server or perform man-in-the-middle attacks on the TCP session between stunnel and the proxy server. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2664-1 CVE-2013-1762 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | stunnel4 |
Definition Id: oval:org.mitre.oval:def:21174 | |||
Oval ID: | oval:org.mitre.oval:def:21174 | ||
Title: | RHSA-2013:0714: stunnel security update (Moderate) | ||
Description: | stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0714-01 CESA-2013:0714 CVE-2013-1762 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | stunnel |
Definition Id: oval:org.mitre.oval:def:23939 | |||
Oval ID: | oval:org.mitre.oval:def:23939 | ||
Title: | ELSA-2013:0714: stunnel security update (Moderate) | ||
Description: | stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0714-01 CVE-2013-1762 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | stunnel |
Definition Id: oval:org.mitre.oval:def:25990 | |||
Oval ID: | oval:org.mitre.oval:def:25990 | ||
Title: | SUSE-SU-2013:0709-1 -- Security update for stunnel | ||
Description: | This update for stunnel fixes a buffer overflow vulnerability caused by incorrect integer conversion in the NTLM authentication of the CONNECT protocol negotiation (CVE-2013-1762). Security issue reference: CVE-2013-1762 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1762> | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:0709-1 CVE-2013-1762 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | stunnel |
Definition Id: oval:org.mitre.oval:def:27643 | |||
Oval ID: | oval:org.mitre.oval:def:27643 | ||
Title: | DEPRECATED: ELSA-2013-0714 -- stunnel security update (moderate) | ||
Description: | [4.29-3] Resolves: CVE-2013-1762 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0714 CVE-2013-1762 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | stunnel |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-03-14 | IAVM : 2013-B-0023 - Stunnel Remote Buffer Overflow Vulnerability Severity : Category I - VMSKEY : V0037414 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-02-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201402-08.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-0714.nasl - Type : ACT_GATHER_INFO |
2013-05-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2664.nasl - Type : ACT_GATHER_INFO |
2013-04-24 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_stunnel-130305.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2013-130.nasl - Type : ACT_GATHER_INFO |
2013-04-10 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-0714.nasl - Type : ACT_GATHER_INFO |
2013-04-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0714.nasl - Type : ACT_GATHER_INFO |
2013-04-09 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130408_stunnel_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-03-26 | Name : The remote Windows host contains a program that is affected by multiple vulne... File : stunnel_4_55.nasl - Type : ACT_GATHER_INFO |
2013-03-05 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_c97219b6843d11e2b131000c299b62e1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:31:48 | |
2013-05-02 21:18:31 | |