[stunnel-users] Stunnel Version Vulnerability-Currently using 5.04
Tracy Drake - IQGC-C
tracy.drake at gsa.gov
Tue Mar 28 14:37:33 CEST 2017
Hello Stunnel Users Forum! I wonder if anyone may have suggestions of
what, if anything, can be done to surmount a reported vulnerability for
Stunnel versions prior to 5.34. I have limited savvy in this arena so
please excuse this "Stunnel for Dummies" question.

The following statements surfaced in a "security vulnerabilities" report...

The version of stunnel installed on the remote host is 4.46 or later but
prior to 5.34. It is, therefore, affected by a security bypass
vulnerability related to the validation of level 4 peer certificates. An
unauthenticated, remote attacker can exploit this to have an impact on
confidentiality, integrity, and/or availability. No other details are
available.

I am of the mind that perhaps an entry in Stunnel.conf until we can deploy
an upgrade?
Thanks in advance for any feedback! Upgrade to stunnel version 5.34 or
later.
--
Tracy Drake
CSM Senior Consultant
GSA-FAS CAMEO Contractor
URSA & INFOConnect Support & Training Team Lead
704-987-1211
tracy.drake at gsa.gov