DSA-3299 stunnel4 - security update
|
Información sobre el sistema
|
|
|
Software afectado |
Debian |
Descripción
|
Johan Olofsson discovered an authentication bypass vulnerability inStunnel, a program designed to work as an universal SSL tunnel fornetwork daemons. When Stunnel in server mode is used with the redirectoption and certificate-based authentication is enabled with verify = 2or higher, then only the initial connection is redirected to the hostsspecified with redirect. This allows a remote attacker to bypassauthentication.
More info:
https://www.debian.org/security/2015/dsa-3299 |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2015-3644 and DSA-3299. |