6 matches found
Debian DSA-3299-1 : stunnel4 - security update
Johan Olofsson discovered an authentication bypass vulnerability in Stunnel, a program designed to work as an universal SSL tunnel for network daemons. When Stunnel in server mode is used with the redirect option and certificate-based authentication is enabled with 'verify = 2'or higher, then onl...
[SECURITY] [DSA 3299-1] stunnel4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3299-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 02, 2015 https://www.debian.org/security/faq -...
SUSE SLES12 Security Update : stunnel (SUSE-SU-2015:1062-1)
This update fixes an authentication bypass when using the 'redirect' option CVE-2015-3644, bsc931517, backport from v5.17. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and...
SUSE-SU-2015:1062-1 Security update for stunnel
This update fixes an authentication bypass when using the 'redirect' option CVE-2015-3644, bsc931517, backport from v5.17...
CVE-2015-3644
Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentication...
CVE-2015-3644
CVE-2015-3644 affects Stunnel when run in server mode with the redirect option and certificate-based authentication (verify >= 2). The vulnerability causes only the initial connection to be redirected, enabling an authentication bypass. Affected versions include Stunnel 5.00–5.13; the issue is...