stunnel 4.21 - 4.54 Multiple Vulnerabilities

medium Nessus Plugin ID 65690

Synopsis

The remote Windows host contains a program that is affected by multiple vulnerabilities.

Description

The version of stunnel installed on the remote host is later than 4.21 and prior to 4.55. It is, therefore, affected by the following vulnerabilities:

- The bundled version of OpenSSL contains an error related to CBC-mode and timing that allows an attacker to recover plaintext from encrypted communications. (CVE-2013-0169)

- A buffer overflow condition exists related to NTLM authentication. Note that this issue does not affect 32-bit builds. (CVE-2013-1762)

Solution

Upgrade to stunnel version 4.55 or later.

See Also

https://www.stunnel.org/?page=sdf_ChangeLog

http://www.nessus.org/u?0bf4f9d5

https://www.stunnel.org/CVE-2013-1762.html

Plugin Details

Severity: Medium

ID: 65690

File Name: stunnel_4_55.nasl

Version: 1.19

Type: local

Agent: windows

Family: Windows

Published: 3/26/2013

Updated: 12/5/2022

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.6

Temporal Score: 4.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:C

CVSS Score Source: CVE-2013-1762

Vulnerability Information

CPE: cpe:/a:stunnel:stunnel

Required KB Items: installed_sw/stunnel

Exploit Ease: No known exploits are available

Patch Publication Date: 3/3/2013

Vulnerability Publication Date: 2/4/2013

Reference Information

CVE: CVE-2013-0169, CVE-2013-1762

BID: 57778, 58277