Lucene search
RootSSV:61718HistoryMar 11, 2014 - 12:00 a.m.
Stunnel PRING初始化漏洞
2014-03-1100:00:00
Root
www.seebug.org
11
0.003 Low
EPSS
Percentile
68.2%
Bugtraq ID:65964
CVE ID:CVE-2014-0016
Stunnel是一个自由的跨平台软件,用于提供全局的TLS / SSL 服务。
Stunnel存在安全漏洞,套接字封装程序可对普通应用程序提供SSL支持,在fork后执行PRNG初始化,当接受新连接时,服务器fork(),子进程处理请求。OpenSSLRAND_bytes()函数在fork后没有重置其状态,而是简单的添加当前进程ID(getpid)至PRNG状态,可导致使用EC (ECDSA)或DSA证书的服务器在某些情况下泄漏私钥。
0
Stunnel
目前没有详细解决方案提供:
http://www.stunnel.org
Related
gentoo
gentoo
stunnel: Information disclosure
2014-08-29 00:00:00
cve
cve
CVE-2014-0016
2014-03-24 16:31:00
mageia
mageia
Updated stunnel package fixes security vulnerability
2014-03-31 23:40:37
openvas
openvas
Gentoo Security Advisory GLSA 201408-14
2015-09-29 00:00:00
Mageia: Security Advisory (MGASA-2014-0144)
2022-01-28 00:00:00
Fedora Update for stunnel FEDORA-2014-5321
2014-05-05 00:00:00
prion
prion
Code injection
2014-03-24 16:31:00
debiancve
debiancve
CVE-2014-0016
2014-03-24 16:31:00
kaspersky
kaspersky
KLA10342 OSI vulnerability in Stunnel
2014-06-24 00:00:00
securityvulns
securityvulns
[ MDVSA-2015:096 ] stunnel
2015-04-20 00:00:00
stunnel crypto vulnerabilities
2015-04-20 00:00:00
ubuntucve
ubuntucve
CVE-2014-0016
2014-03-24 00:00:00
cvelist
cvelist
CVE-2014-0016
2014-03-23 15:00:00
nessus
nessus
Mandriva Linux Security Advisory : stunnel (MDVSA-2015:096)
2015-03-30 00:00:00
GLSA-201408-14 : stunnel: Information disclosure
2014-08-30 00:00:00
stunnel < 5.00 PRNG State Security Weakness
2014-03-26 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: stunnel-5.01-1.fc20
2014-04-30 04:07:51
[SECURITY] Fedora 19 Update: stunnel-5.01-1.fc19
2014-04-30 04:04:04
rosalinux
rosalinux
Advisory ROSA-SA-2021-1978
2021-07-02 18:10:58