CVE-2008-2420

Published: 23/05/2008 Updated: 08/08/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The OCSP functionality in stunnel prior to 4.24 does not properly search certificate revocation lists (CRL), which allows remote malicious users to bypass intended access restrictions by using revoked certificates.

Vulnerable Product

stunnel stunnel 3.15

stunnel stunnel 3.16

stunnel stunnel 3.21c

stunnel stunnel 3.22

stunnel stunnel 3.6

stunnel stunnel 3.7

stunnel stunnel 4.00

stunnel stunnel 4.01

stunnel stunnel 4.09

stunnel stunnel 4.10

stunnel stunnel 4.17

stunnel stunnel 4.18

stunnel stunnel 3.11

stunnel stunnel 3.12

stunnel stunnel 3.19

stunnel stunnel 3.20

stunnel stunnel 3.21

stunnel stunnel 3.25

stunnel stunnel 3.26

stunnel stunnel 3.8p2

stunnel stunnel 3.8p3

stunnel stunnel 4.05

stunnel stunnel 4.06

stunnel stunnel 4.13

stunnel stunnel 4.14

stunnel stunnel 4.21

stunnel stunnel 4.22

stunnel stunnel 3.10

stunnel stunnel 3.17

stunnel stunnel 3.18

stunnel stunnel 3.23

stunnel stunnel 3.24

stunnel stunnel 3.8

stunnel stunnel 3.8p1

stunnel stunnel 4.02

stunnel stunnel 4.03

stunnel stunnel 4.04

stunnel stunnel 4.11

stunnel stunnel 4.12

stunnel stunnel 4.19

stunnel stunnel 4.20

stunnel stunnel 3.13

stunnel stunnel 3.14

stunnel stunnel 3.21a

stunnel stunnel 3.21b

stunnel stunnel 3.4a

stunnel stunnel 3.5

stunnel stunnel 3.8p4

stunnel stunnel 3.9

stunnel stunnel 4.07

stunnel stunnel 4.08

stunnel stunnel 4.15

stunnel stunnel 4.16

stunnel stunnel 4.23

Vendor Advisories

Debian Bug report logs - #482644 CVE-2008-2420: bypass intended access restrictions. Package: stunnel4; Maintainer for stunnel4 is Peter Pentchev <roam@debian.org>; Source for stunnel4 is src:stunnel4. Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>. Date: Sat, 24 May 2008 08:18:23 UTC ...