Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Pat Riehecky <riehecky-13hema8v3vg <at> public.gmane.org>
Subject: Security ERRATA Moderate: stunnel on SL6.x i386/x86_64
Newsgroups: gmane.linux.scientific.errata
Date: Monday 8th April 2013 19:31:47 UTC (over 3 years ago)
Synopsis:          Moderate: stunnel security update
Issue Date:        2013-04-08
CVE Numbers:       CVE-2013-1762
--

An integer conversion issue was found in stunnel when using Microsoft NT
LAN Manager (NTLM) authentication with the HTTP CONNECT tunneling method.
With this configuration, and using stunnel in SSL client mode on a 64-bit
system, an attacker could possibly execute arbitrary code with the
privileges of the stunnel process via a man-in-the-middle attack or by
tricking a user into using a malicious proxy. (CVE-2013-1762)
--

SL6
  x86_64
    stunnel-4.29-3.el6_4.x86_64.rpm
    stunnel-debuginfo-4.29-3.el6_4.x86_64.rpm
  i386
    stunnel-4.29-3.el6_4.i686.rpm
    stunnel-debuginfo-4.29-3.el6_4.i686.rpm

- Scientific Linux Development Team
 
CD: 16ms