Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2008:168 (stunnel)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.61412

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2008:168 (stunnel)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to stunnel
announced via advisory MDVSA-2008:168.

A vulnerability was found in the OCSP search functionality in stunnel
that could allow a remote attacker to use a revoked certificate that
would be successfully authenticated by stunnel (CVE-2008-2420).
This flaw only concerns users who have enabled OCSP validation
in stunnel.

The updated packages have been patched to correct this issue.

Affected: 2007.1, 2008.0, 2008.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:168

Risk factor : High

CVSS Score:
6.8

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-2420
BugTraq ID: 29309
http://www.securityfocus.com/bid/29309
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00856.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00907.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00942.html
http://security.gentoo.org/glsa/glsa-200808-08.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:168
http://stunnel.mirt.net/pipermail/stunnel-announce/2008-May/000035.html
http://secunia.com/advisories/30335
http://secunia.com/advisories/30425
http://secunia.com/advisories/31438
http://www.vupen.com/english/advisories/2008/1569/references
XForce ISS Database: stunnel-ocsp-security-bypass(42528)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42528

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.61412
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:168 (stunnel)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to stunnel announced via advisory MDVSA-2008:168. A vulnerability was found in the OCSP search functionality in stunnel that could allow a remote attacker to use a revoked certificate that would be successfully authenticated by stunnel (CVE-2008-2420). This flaw only concerns users who have enabled OCSP validation in stunnel. The updated packages have been patched to correct this issue. Affected: 2007.1, 2008.0, 2008.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:168 Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2420 BugTraq ID: 29309 http://www.securityfocus.com/bid/29309 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00856.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00907.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00942.html http://security.gentoo.org/glsa/glsa-200808-08.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:168 http://stunnel.mirt.net/pipermail/stunnel-announce/2008-May/000035.html http://secunia.com/advisories/30335 http://secunia.com/advisories/30425 http://secunia.com/advisories/31438 http://www.vupen.com/english/advisories/2008/1569/references XForce ISS Database: stunnel-ocsp-security-bypass(42528) https://exchange.xforce.ibmcloud.com/vulnerabilities/42528
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com