Vulnerability Bulletins |
Vulnerabilidad en paquete Stunnel |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Confidencialidad |
| Dificulty | Experto |
| Required attacker level | Acceso remoto con cuenta |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software |
Red Hat Linux 7.1 - i386 Red Hat Linux 7.2 - i386, ia64 Red Hat Linux 7.3 - i386 Red Hat Linux 8.0 - i386 Mandrake 9.0, Corporate Server 2.1 |
Description |
|
|
Ha sido descubierta una vulnerabilidad en el paquete Stunnel de Linux. Stunnel es una herramienta que permite encapsular conexiones en redes, creando un tunel por el que la información viaja cifrada (cifra usando SSL o TLS). Se suele usar para proveer cifrado en servicios que no lo soportan nativamente. Existe un fallo en las funciones no-reentrantes de los manejadores de señal. |
|
Solution |
|
|
Actualización de software Red Hat Linux Red Hat Linux 7.1: SRPMS: ftp://updates.redhat.com/7.1/en/os/SRPMS/stunnel-3.26-1.7.1.src.rpm i386: ftp://updates.redhat.com/7.1/en/os/i386/stunnel-3.26-1.7.1.i386.rpm Red Hat Linux 7.2: SRPMS: ftp://updates.redhat.com/7.2/en/os/SRPMS/stunnel-3.26-1.7.3.src.rpm i386: ftp://updates.redhat.com/7.2/en/os/i386/stunnel-3.26-1.7.3.i386.rpm ia64: ftp://updates.redhat.com/7.2/en/os/ia64/stunnel-3.26-1.7.3.ia64.rpm Red Hat Linux 7.3: SRPMS: ftp://updates.redhat.com/7.3/en/os/SRPMS/stunnel-3.26-1.7.3.src.rpm i386: ftp://updates.redhat.com/7.3/en/os/i386/stunnel-3.26-1.7.3.i386.rpm Red Hat Linux 8.0: SRPMS: ftp://updates.redhat.com/8.0/en/os/SRPMS/stunnel-3.26-1.8.0.src.rpm i386: ftp://updates.redhat.com/8.0/en/os/i386/stunnel-3.26-1.8.0.i386.rpm Mandrake Corporate Server 2.1: corporate/2.1/RPMS/stunnel-3.26-1.1.C21mdk.i586.rpm corporate/2.1/SRPMS/stunnel-3.26-1.1.C21mdk.src.rpm http://www.mandrakesecure.net/en/ftp.php Corporate Server 2.1/x86_64: x86_64/corporate/2.1/RPMS/stunnel-3.26-1.1.C21mdk.x86_64.rpm x86_64/corporate/2.1/SRPMS/stunnel-3.26-1.1.C21mdk.src.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 9.0: 9.0/RPMS/stunnel-3.26-1.1.90mdk.i586.rpm 9.0/SRPMS/stunnel-3.26-1.1.90mdk.src.rpm http://www.mandrakesecure.net/en/ftp.php |
|
Standar resources |
|
| Property | Value |
| CVE |
CAN-2002-1563 CAN-2003-0740 |
| BID | |
Other resources |
|
|
RHSA-2003:296-01 http://www.redhat.com/archives/redhat-watch-list/2003-November/msg00012.html MDKSA-2003:108 http://archives.mandrakelinux.com/announce/2003-11/msg00016.php |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2003-11-25 |