Lucene search
Copyright (C) 2015 Eero VolotinenOPENVAS:1361412562310121258HistorySep 29, 2015 - 12:00 a.m.
Gentoo Security Advisory GLSA 201408-14
2015-09-2900:00:00
Copyright (C) 2015 Eero Volotinen
plugins.openvas.org
8
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
71.2%
Gentoo Linux Local Security Checks GLSA 201408-14
# SPDX-FileCopyrightText: 2015 Eero Volotinen
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.121258");
script_version("2023-07-19T05:05:15+0000");
script_tag(name:"creation_date", value:"2015-09-29 11:27:46 +0300 (Tue, 29 Sep 2015)");
script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
script_name("Gentoo Security Advisory GLSA 201408-14");
script_tag(name:"insight", value:"stunnel does not properly update the state of the pseudo-random generator after fork-threading which causes subsequent children with the same process ID to use the same entropy pool. ECDSA and DSA keys, when not used in deterministic mode (RFC6979), rely on random data for its k parameter to not leak private key information.");
script_tag(name:"solution", value:"Update the affected packages to the latest available version.");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"https://security.gentoo.org/glsa/201408-14");
script_cve_id("CVE-2014-0016");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_tag(name:"qod_type", value:"package");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
script_category(ACT_GATHER_INFO);
script_tag(name:"summary", value:"Gentoo Linux Local Security Checks GLSA 201408-14");
script_copyright("Copyright (C) 2015 Eero Volotinen");
script_family("Gentoo Local Security Checks");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-gentoo.inc");
res = "";
report = "";
if((res=ispkgvuln(pkg:"net-misc/stunnel", unaffected: make_list("ge 5.02"), vulnerable: make_list("lt 5.02"))) != NULL) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99);
}
References
Related
seebug
seebug
Stunnel PRINGεε§εζΌζ΄
2014-03-11 00:00:00
prion
prion
Code injection
2014-03-24 16:31:00
debiancve
debiancve
CVE-2014-0016
2014-03-24 16:31:00
gentoo
gentoo
stunnel: Information disclosure
2014-08-29 00:00:00
cve
cve
CVE-2014-0016
2014-03-24 16:31:00
mageia
mageia
Updated stunnel package fixes security vulnerability
2014-03-31 23:40:37
kaspersky
kaspersky
KLA10342 OSI vulnerability in Stunnel
2014-06-24 00:00:00
securityvulns
securityvulns
[ MDVSA-2015:096 ] stunnel
2015-04-20 00:00:00
stunnel crypto vulnerabilities
2015-04-20 00:00:00
ubuntucve
ubuntucve
CVE-2014-0016
2014-03-24 00:00:00
cvelist
cvelist
CVE-2014-0016
2014-03-23 15:00:00
nessus
nessus
Mandriva Linux Security Advisory : stunnel (MDVSA-2015:096)
2015-03-30 00:00:00
GLSA-201408-14 : stunnel: Information disclosure
2014-08-30 00:00:00
stunnel < 5.00 PRNG State Security Weakness
2014-03-26 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0144)
2022-01-28 00:00:00
Fedora Update for stunnel FEDORA-2014-5321
2014-05-05 00:00:00
Fedora Update for stunnel FEDORA-2014-5321
2014-05-05 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: stunnel-5.01-1.fc20
2014-04-30 04:07:51
[SECURITY] Fedora 19 Update: stunnel-5.01-1.fc19
2014-04-30 04:04:04
rosalinux
rosalinux
Advisory ROSA-SA-2021-1978
2021-07-02 18:10:58
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
71.2%
Related for OPENVAS:1361412562310121258