[stunnel-users] nessus crashes stunnel

Roger Cruz rcruz at marathontechnologies.com
Fri Feb 12 19:30:30 CET 2010


We ran Nessus on a Linux system and found that stunnel crashes when the
weak certificate suite is enabled.  GDB shows the stack trace below and
it appears to be in the SSL library.  My search on this mailing list led
me to this message that appears to report a similar problem

 

http://mirt.net/pipermail/stunnel-users/2008-January/001830.html

 

Am I to understand that the problem is really with OpenSSL and that's
what  needs to be upgraded?  If so, do we know what version will have
the fixed problem?  

 

I'm going to post in the OpenSSL forum as well, but I wanted to start
here since from our perspective, Stunnel is the one crashing.

 

Thank you

Roger Cruz

 

 

2010.02.05 12:49:11 LOG7[13524:3086718672]: Cleaning up the signal pipe

2010.02.05 12:49:11 LOG6[13524:3086718672]: Child process 13575 finished
with code 0

 

Program received signal SIGSEGV, Segmentation fault.

[Switching to Thread 0xb7fa7b90 (LWP 13574)]

0x007b24a7 in krb5_is_referral_realm () from /usr/lib/libkrb5.so.3

(gdb) bt

#0  0x007b24a7 in krb5_is_referral_realm () from /usr/lib/libkrb5.so.3

#1  0x0089d338 in kssl_keytab_is_available () from /lib/libssl.so.6

#2  0x008803b1 in ssl3_choose_cipher () from /lib/libssl.so.6

#3  0x0087b2a2 in ssl3_get_client_hello () from /lib/libssl.so.6

#4  0x0087bc85 in ssl3_accept () from /lib/libssl.so.6

#5  0x0089109a in SSL_accept () from /lib/libssl.so.6

#6  0x00884d0d in ssl23_get_client_hello () from /lib/libssl.so.6

#7  0x0088554b in ssl23_accept () from /lib/libssl.so.6

#8  0x0089109a in SSL_accept () from /lib/libssl.so.6

#9  0x003628e2 in ?? () from /usr/sbin/stunnel

#10 0x00363acd in ?? () from /usr/sbin/stunnel

#11 0x003645ba in ?? () from /usr/sbin/stunnel

#12 0x003646a8 in client () from /usr/sbin/stunnel

#13 0x0025f45b in start_thread () from /lib/libpthread.so.0

#14 0x00448e5e in clone () from /lib/libc.so.6

(gdb) quit

 

[root at p20xen1 current_hq]# stunnel -version

stunnel 4.15 on i686-redhat-linux-gnu with OpenSSL 0.9.8b 04 May 2006

Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

 

Global options

debug           = 5

pid             = /var/run/stunnel.pid

RNDbytes        = 64

RNDfile         = /dev/urandom

RNDoverwrite    = yes

 

Service-level options

cert            = /etc/stunnel/stunnel.pem

ciphers         = ALL:!ADH:+RC4:@STRENGTH

key             = /etc/stunnel/stunnel.pem

session         = 300 seconds

TIMEOUTbusy     = 300 seconds

TIMEOUTclose    = 60 seconds

TIMEOUTconnect  = 10 seconds

TIMEOUTidle     = 43200 seconds

verify          = none

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20100212/b37cbafd/attachment.html>


More information about the stunnel-users mailing list