Professional OVAL Repository

[Eng] [Rus] [Sign-In]

oval:org.mitre.oval:def:21174

Version

Class

patch

ALTXid

37315

Language

English

Severity

NotAvailable

Title

RHSA-2013:0714: stunnel security update (Moderate)

Description

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.

Family

unix

Platform

Product

stunnel

OVAL Repository

Status: ACCEPTED
Status: ACCEPTED
- 2014-01-09T13:03:25 : submitted
  - ALTX-SOFT Sergey Artykhov
- 2014-01-10T12:56:59.583-05:00 : status_change DRAFT
- 2014-01-27T04:01:13.347-05:00 : status_change INTERIM
- 2014-02-17T04:01:27.705-05:00 : status_change ACCEPTED

Reference

VENDOR: RHSA-2013:0714-01

CESA: CESA-2013:0714
CESA: CESA-2013:0714

Id: CESA-2013:0714

CVE: CVE-2013-1762

Criteria

Expand All

Collapse All

AND

CRITERION stunnel is earlier than 0:4.29-3.el6_4
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:90692) check=at least one, check_existence=at_least_one_exists, comment=stunnel is earlier than 0:4.29-3.el6_4, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:29409)
    name stunnel
  - rpminfo_state (ID = oval:org.mitre.oval:ste:25914)
    evr datatype=evr_string | operation=less than | value=0:4.29-3.el6_4

OR	Redhat 6 or Centos 6 release

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:20273) The operating system installed on the system is Red Hat Enterprise Linux 6

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:16337) The operating system installed on the system is CentOS Linux 6.x


	2008-2021, © AO ALTEX-SOFT , ovaldb@altx-soft.com OVAL and the OVAL logo are registered trademarks of The MITRE Corporation. Other names may be trademarks of their respective owners.

Access vector:	COMPLETE
Access complexity:	HIGH
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	COMPLETE