NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Secunia Advisories> 2003-q4

[sec-adv] OpenLinux update for stunnel

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Mon Oct 06 2003 - 04:31:42 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
OpenLinux update for stunnel

SECUNIA ADVISORY ID:
SA9944

VERIFY ADVISORY:
http://www.secunia.com/advisories/9944/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
OpenLinux Workstation 3.x
OpenLinux Server 3.x

DESCRIPTION:
SCO has issued updated packages for stunnel. These fix a
vulnerability allowing malicious people to cause a Denial of
Service.

The vulnerability is caused due to a race condition. The "SIGCHLD"
signal handler isn't blocked, which potentially may result in the
client counter loosing count. This could possible be exploited to
cause a Denial of Service.

This only affects configurations where stunnel spawns a new child
process for each connection.

SOLUTION:
Updated packages:

-- OpenLinux 3.1.1 Server --

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-026.0/RPMS
00d7179b1b5ca718d3ec6b85f144e4f1 stunnel-4.04-1.i386.rpm

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-026.0/SRPMS
ca450eb7d9ca61c042f0b6d1448def8d stunnel-4.04-1.src.rpm

-- OpenLinux 3.1.1 Workstation --

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-026.0/RPMS
e05b815b77113f4700875bb7a263a7ae stunnel-4.04-1.i386.rpm

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-026.0/SRPMS
f13039bc38057f788d72ed9fa0448e0a stunnel-4.04-1.src.rpm

ORIGINAL ADVISORY:
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-026.0.txt

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]