17 matches found
SUSE CVE-2013-1762
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow...
Oracle: Security Advisory (ELSA-2013-0714)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 6 : stunnel (ELSA-2013-0714)
The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2013-0714 advisory. 4.29-3 Resolves: CVE-2013-1762 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...
[SECURITY] [DSA 2664-1] stunnel4 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2664-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 2, 2013 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2664-1] stunnel4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2664-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 2, 2013 http://www.debian.org/security/faq -...
SuSE 11.2 Security Update : stunnel (SAT Patch Number 7449)
This update for stunnel fixes a buffer overflow vulnerability caused by incorrect integer conversion in the NTLM authentication of the CONNECT protocol negotiation. CVE-2013-1762 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Mandriva Linux Security Advisory : stunnel (MDVSA-2013:130)
Updated stunnel packages fix security vulnerability : stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a...
RedHat Update for stunnel RHSA-2013:0714-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS Update for stunnel CESA-2013:0714 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 6 : stunnel (CESA-2013:0714)
An updated stunnel package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Scientific Linux Security Update : stunnel on SL6.x i386/x86_64 (20130408)
An integer conversion issue was found in stunnel when using Microsoft NT LAN Manager NTLM authentication with the HTTP CONNECT tunneling method. With this configuration, and using stunnel in SSL client mode on a 64-bit system, an attacker could possibly execute arbitrary code with the privileges ...
RHEL 6 : stunnel (RHSA-2013:0714)
An updated stunnel package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
stunnel security update
4.29-3 Resolves: CVE-2013-1762...
stunnel 4.21 - 4.54 Multiple Vulnerabilities
The version of stunnel installed on the remote host is a version after 4.21 and prior to 4.55. It is, therefore, affected by the following vulnerabilities : - The bundled version of OpenSSL contains an error related to CBC-mode and timing that allows an attacker to recover plaintext from encrypte...
CVE-2013-1762
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow...
CVE-2013-1762
CVE-2013-1762 affects stunnel 4.21–4.54 when NTLM authentication and CONNECT protocol negotiation are enabled. A mis-handled integer conversion can trigger a buffer overflow, allowing a remote attacker to execute arbitrary code via a crafted request to a proxy. Connected advisories consistently c...
CVE-2013-1762
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow...