RHEL 6 : stunnel (RHSA-2013:0714)

Medium Nessus Plugin ID 65863


The remote Red Hat host is missing one or more security updates.


An updated stunnel package that fixes one security issue is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

stunnel is a socket wrapper which can provide SSL (Secure Sockets Layer) support to ordinary applications. For example, it can be used in conjunction with imapd to create an SSL-secure IMAP server.

An integer conversion issue was found in stunnel when using Microsoft NT LAN Manager (NTLM) authentication with the HTTP CONNECT tunneling method. With this configuration, and using stunnel in SSL client mode on a 64-bit system, an attacker could possibly execute arbitrary code with the privileges of the stunnel process via a man-in-the-middle attack or by tricking a user into using a malicious proxy.

All stunnel users should upgrade to this updated package, which contains a backported patch to correct this issue.


Update the affected stunnel and/or stunnel-debuginfo packages.


Plugin Details

Severity: Medium

ID: 65863

File Name: redhat-RHSA-2013-0714.nasl

Version: $Revision: 1.14 $

Type: local

Agent: unix

Published: 2013/04/09

Modified: 2017/01/05

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.6

Temporal Score: 5.7

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:stunnel, p-cpe:/a:redhat:enterprise_linux:stunnel-debuginfo, cpe:/o:redhat:enterprise_linux:6, cpe:/o:redhat:enterprise_linux:6.4

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/04/08

Reference Information

CVE: CVE-2013-1762

BID: 58277

OSVDB: 90841

RHSA: 2013:0714