Title: Stunnel OCSP Certificate Validation Security Bypass Vulnerability
Severity: MODERATE
Description:
Stunnel is an application that lets users encapsulate arbitrary TCP connections in SSL traffic.
Stunnel is prone to a security-bypass vulnerability. The issue occurs because the OCSP (Online Certificate Status Protocol) functionality fails to properly check revoked certificates.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers and authenticating with a revoked certificate. This will aid in further attacks.
This issue affects versions prior to Stunnel 4.24.
Affected Products:
- Gentoo Linux
- MandrakeSoft Linux Mandrake 2007.1
- MandrakeSoft Linux Mandrake 2007.1 x86_64
- MandrakeSoft Linux Mandrake 2008.0
- MandrakeSoft Linux Mandrake 2008.0 x86_64
- MandrakeSoft Linux Mandrake 2008.1
- MandrakeSoft Linux Mandrake 2008.1 x86_64
- RedHat Fedora 7
- RedHat Fedora 8
- RedHat Fedora 9
- Stunnel Stunnel 4.23
References:
- Stunnel: Stunnel Homepage
- Stunnel: [stunnel-announce] stunnel 4.24 released
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
