Miembros de
Boletines de Vulnerabilidades |
DSA-3299 stunnel4 - security update |
|
Información sobre el sistema |
|
| Software afectado | Debian |
Descripción |
|
|
Johan Olofsson discovered an authentication bypass vulnerability inStunnel, a program designed to work as an universal SSL tunnel fornetwork daemons. When Stunnel in server mode is used with the redirectoption and certificate-based authentication is enabled with verify = 2or higher, then only the initial connection is redirected to the hostsspecified with redirect. This allows a remote attacker to bypassauthentication. More info: https://www.debian.org/security/2015/dsa-3299 |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2015-3644 and DSA-3299. |
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Advisory issued | 2015-07-03 |