Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Conectiva CLA-2003:736: stunnel File descriptor leak, DoS

Conectiva CLA-2003:736: stunnel File descriptor leak, DoS

by Nikola Strahija on September 5th, 2003 Several vulnerabilities have been found in stunnel. A file descriptor leak vulnerability in versions prior to 3.26 of stunnel allows a local attacker to hijack the stunnel server. Another vulnerability, a race in the code that handles the SIGCHLD signal, can allow a remote attacker to bring the service down.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : stunnel
SUMMARY : File descriptor leak and SIGCHLD DoS vulnerabilities
DATE : 2003-09-05 18:09:00
ID : CLA-2003:736
RELEVANT
RELEASES : 7.0, 8, 9

- -------------------------------------------------------------------------

DESCRIPTION
Stunnel is a wrapper for network connections. It can be used to
tunnel an unencrypted network connection over a secure connection
(encrypted using SSL or TLS) or to provide a secure means of
connecting to services that do not natively support encryption.

This update fixes two vulnerabilities that affect stunnel versions
shipped with Conectiva Linux:

1. SIGCHLD Denial of Service (CAN-2002-1563)[1]
Henrik Eriksson found[2] a race in the code that handles the SIGCHLD
signal. This vulnerability affects stunnel when configured to listen
for incoming connections (instead of being invoked by inetd) and to
start a new child process to handle each new connection. A remote
attacker can exploit this vulnerability to bring the tunneled service
down.

2. File descriptor leak (CAN-2003-0740)[3]
Steve Grubb found[4] a file descriptor leak vulnerability in versions
prior to 3.26 of stunnel that allows a local attacker to hijack the
stunnel server.

Since this update brings a new version of stunnel (3.26), several
other fixes and minor changes are included as well[5].


SOLUTION
All stunnel users should upgrade.

Please note that after the upgrade all instances of stunnel and all
active network connections being served by it must be restarted
manually.


REFERENCES:
1.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1563
2.http://marc.theaimsgroup.com/?l=stunnel-users&m=103600188215117&w=2
3.http://www.securityfocus.com/archive/1/335996
4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0740
5.http://www.stunnel.org/news/


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/stunnel-3.26-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/stunnel-3.26-1U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/stunnel-3.26-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/stunnel-3.26-1U80_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/stunnel-3.26-21517U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/stunnel-3.26-21517U90_1cl.src.rpm


ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:

- run: apt-get update
- after that, execute: apt-get upgrade

Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com

- -------------------------------------------------------------------------
subscribe: [email protected]
unsubscribe: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/WPyV42jd0JmAcZARApJVAKDBhvm9bXQ8GWEDMCbE0+zPs15K9wCgkdgb
gXbVi8CFgPUMfSCJ4gmADUs=
=yxsa
-----END PGP SIGNATURE-----


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »