svn commit: r313375 - head/security/vuxml
Ryan Steinmetz
zi at FreeBSD.org
Sun Mar 3 20:18:00 UTC 2013
Author: zi
Date: Sun Mar 3 20:17:59 2013
New Revision: 313375
URL: http://svnweb.freebsd.org/changeset/ports/313375
Log:
- Document recent vulnerability in security/stunnel (CVE-2013-1762)
Security: c97219b6-843d-11e2-b131-000c299b62e1
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun Mar 3 19:56:57 2013 (r313374)
+++ head/security/vuxml/vuln.xml Sun Mar 3 20:17:59 2013 (r313375)
@@ -51,6 +51,41 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="c97219b6-843d-11e2-b131-000c299b62e1">
+ <topic>stunnel -- Remote Code Execution</topic>
+ <affects>
+ <package>
+ <name>stunnel</name>
+ <range><ge>4.21</ge><lt>4.55</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Michal Trojnara reports:</p>
+ <blockquote cite="https://www.stunnel.org/CVE-2013-1762.html">
+ <p>64-bit versions of stunnel with the following conditions:
+ * NTLM authentication enabled
+ * CONNECT protocol negotiation enabled
+ * Configured in SSL client mode
+ * An attacker that can either control the proxy server specified in
+ the "connect" option or execute MITM attacks on the TCP session
+ between stunnel and the proxy</p>
+ <p>Can be exploited for remote code execution. The code is executed
+ within the configured chroot directory, with privileges of the
+ configured user and group.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-1762</cvename>
+ <url>https://www.stunnel.org/CVE-2013-1762.html</url>
+ </references>
+ <dates>
+ <discovery>2013-03-03</discovery>
+ <entry>2013-03-03</entry>
+ </dates>
+ </vuln>
+
<vuln vid="9c88d8a8-8372-11e2-a010-20cf30e32f6d">
<topic>apache22 -- several vulnerabilities</topic>
<affects>
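Review bot: the four conditions in the first <p> of the blockquote are written as plain-text "* " items inside a paragraph, so a renderer that collapses whitespace will show them as one run-on sentence ending in "...between stunnel and the proxy" with no separation between the conditions. Marking them up as a list, e.g. <ul><li>NTLM authentication enabled</li> ... </ul>, followed by the "Can be exploited for remote code execution" paragraph, would keep the advisory's structure readable. Separately, the <range><ge>4.21</ge><lt>4.55</lt></range> match flags every stunnel package in that version span, while the quoted text limits exposure to 64-bit builds in SSL client mode with NTLM authentication and CONNECT negotiation enabled. Matching conservatively is reasonable, but putting that qualifier in the <topic> (currently just "stunnel -- Remote Code Execution") would let an admin reading audit output triage without opening the full entry.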