Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Gentoo: GLSA-202110-09 Moderate: Stunnel Vulnerability Exploitation Risk

gentoo
Calendar Grey August 8, 2008
Dist Gentoo Esm H88
A recent Gentoo security notice concerning stunnel discloses a minor severity vulnerability related to the authentication of revoked certificates.
stunnel does not properly prevent the authentication of a revoked certificate which would be published by OCSP.

Summary

Gentoo Linux Security Advisory GLSA 200808-08 https://security.gentoo.org/ Severity: Low Title: stunnel: Security bypass Date: August 08, 2008 Bugs: #222805 ID: 200808-08

Synopsis ======= stunnel does not properly prevent the authentication of a revoked certificate which would be published by OCSP.
Background ========= The stunnel program is designed to work as an SSL encryption wrapper between a remote client and a local or remote server. OCSP (Online Certificate Status Protocol), as described in RFC 2560, is an internet protocol used for obtaining the revocation status of an X.509 digital certificate.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ----------------------------------------------------------------...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory Gentoo authentication issue low severity stunnel security bypass OCSP

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
low
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory Gentoo authentication issue low severity stunnel security bypass OCSP

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here