stunnel 4.21 - 4.54 Multiple Vulnerabilities
High Nessus Plugin ID 65690
Synopsis
The remote Windows host contains a program that is affected by multiple vulnerabilities.
Description
The version of stunnel installed on the remote host is a version after 4.21 and prior to 4.55. It is, therefore, affected by the following vulnerabilities:
- The bundled version of OpenSSL contains an error related to CBC-mode and timing that allows an attacker to recover plaintext from encrypted communications.
- A buffer overflow condition exists related to NTLM authentication. Note that this issue does not affect 32-bit builds. (CVE-2013-1762)
Solution
Upgrade to stunnel version 4.55 or later.