Synopsis: Moderate: stunnel security update
Issue Date: 2013-04-08
CVE Numbers: CVE-2013-1762
—
An integer conversion issue was found in stunnel when using Microsoft NT
LAN Manager (NTLM) authentication with the HTTP CONNECT tunneling method.
With this configuration, and using stunnel in SSL client mode on a 64-bit
system, an attacker could possibly execute arbitrary code with the
privileges of the stunnel process via a man-in-the-middle attack or by
tricking a user into using a malicious proxy. (CVE-2013-1762)
—
SL6
x86_64
stunnel-4.29-3.el6_4.x86_64.rpm
stunnel-debuginfo-4.29-3.el6_4.x86_64.rpm
i386
stunnel-4.29-3.el6_4.i686.rpm
stunnel-debuginfo-4.29-3.el6_4.i686.rpm
– Scientific Linux Development Team
