Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2008-2420
Last Modified: 07 Mar 2011 10:09:10
Published: 23 May 2008 11:32:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-2420

Summary

The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.

Vulnerable Systems

Application

  • Stunnel 3.10

  • Stunnel 3.11

  • Stunnel 3.12

  • Stunnel 3.13

  • Stunnel 3.14

  • Stunnel 3.15

  • Stunnel 3.16

  • Stunnel 3.17

  • Stunnel 3.18

  • Stunnel 3.19

  • Stunnel 3.20

  • Stunnel 3.21

  • Stunnel 3.21a

  • Stunnel 3.21b

  • Stunnel 3.21c

  • Stunnel 3.22

  • Stunnel 3.23

  • Stunnel 3.24

  • Stunnel 3.25

  • Stunnel 3.26

  • Stunnel 3.4a

  • Stunnel 3.5

  • Stunnel 3.6

  • Stunnel 3.7

  • Stunnel 3.8

  • Stunnel 3.8p1

  • Stunnel 3.8p2

  • Stunnel 3.8p3

  • Stunnel 3.8p4

  • Stunnel 3.9

  • Stunnel 4.00

  • Stunnel 4.01

  • Stunnel 4.02

  • Stunnel 4.03

  • Stunnel 4.04

  • Stunnel 4.05

  • Stunnel 4.06

  • Stunnel 4.07

  • Stunnel 4.08

  • Stunnel 4.09

  • Stunnel 4.10

  • Stunnel 4.11

  • Stunnel 4.12

  • Stunnel 4.13

  • Stunnel 4.14

  • Stunnel 4.15

  • Stunnel 4.16

  • Stunnel 4.17

  • Stunnel 4.18

  • Stunnel 4.19

  • Stunnel 4.20

  • Stunnel 4.21

  • Stunnel 4.22

  • Stunnel 4.23


References

BID - 29309

XF - stunnel-ocsp-security-bypass(42528)

VUPEN - ADV-2008-1569

MANDRIVA - MDVSA-2008:168

MLIST - [stunnel-announce] 20080519 stunnel 4.24 released

GENTOO - GLSA-200808-08

SECUNIA - 31438

SECUNIA - 30335

FEDORA - FEDORA-2008-4606

FEDORA - FEDORA-2008-4579

FEDORA - FEDORA-2008-4531

SECUNIA - 30425


Last Updated: 27 May 2016 10:47:52