Mandriva Update For Stunnel MDVSA-2008:168 (stunnel) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was found in the OCSP search functionality in stunnel that could allow a remote attacker to use a revoked certificate that would be successfully authenticated by stunnel (CVE-2008-2420). This flaw only concerns users who have enabled OCSP validation in stunnel. The updated packages have been patched to correct this issue.

Affected

stunnel on Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64

Severity

Classification

CVE CVE-2008-2420
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:138 (tomcat5)
Mandrake Security Advisory MDVSA-2009:047-1 (vim)
Mandrake Security Advisory MDVSA-2009:033 (sudo)
Mandrake Security Advisory MDVSA-2009:206 (wget)
Mandrake Security Advisory MDVSA-2009:087 (openssl)

Mandriva Update for stunnel MDVSA-2008:168 (stunnel)

Take action and discover your vulnerabilities