From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.2.1) Gecko/20030225

Description of problem:
Stunnel as shipped leaks many file descriptors. One in particular can be used to hijack the service if used with a program that provides shell access. Further information can be found at:
http://marc.theaimsgroup.com/?l=bugtraq&m=106260760211958&w=2
The advisory includes working exploit code tested against Red Hat 8.0.

Version-Release number of selected component (if applicable):
stunnel-3.22

How reproducible:
Always

Steps to Reproduce:
1. Compile and run the exploit program from the bugtraq advisory.
2. Follow the instructions for the exploit program in the advisory.

Actual Results:
Leaked file descriptors. The listening descriptor, the logging descriptor, the signal pipe descriptors, etc.

Expected Results:
Only file descriptors 0, 1, & 2 in the child process.

Additional info:
Version 3.26 is the current version of the 3.x series. It has all known problems associated with descriptor leaks fixed. It's recommended to upgrade to that version. 4.04 does not have this problem. Upgrading to the 4.x series is not recommended since 3.x has configuration info on the command line while 4.x uses a config file. The differences are too big of a jump for a stable release.
See bug 106473 for the entry for Enterprise Linux for this bug. We have an errata in progress, RHSA-2003:296, for this issue, but it is currently stalled on glibc (see bug 106800).
http://rhn.redhat.com/errata/RHSA-2003-296.html was released 2003-11-24
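
The expected result stated in the report (only descriptors 0, 1 and 2 in the child) can be checked and enforced in a parent process before it execs a child. The following C sketch is an added example, not code from stunnel or from the advisory; the function names and the scan cap are assumptions made for illustration, and the pipe and socket in main() are constructed stand-ins for a signal pipe and a listening socket.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Assumed scan bound for this example; RLIMIT_NOFILE can be far larger. */
#define FD_SCAN_CAP 65536

static long fd_scan_limit(void)
{
    long max = sysconf(_SC_OPEN_MAX);
    return (max < 0 || max > FD_SCAN_CAP) ? FD_SCAN_CAP : max;
}

/* Count open descriptors above stderr that an exec()ed child would inherit. */
int count_inheritable_fds(void)
{
    int n = 0;
    long max = fd_scan_limit();
    for (int fd = STDERR_FILENO + 1; fd < max; fd++) {
        int flags = fcntl(fd, F_GETFD);   /* -1 means fd is not open */
        if (flags != -1 && !(flags & FD_CLOEXEC))
            n++;
    }
    return n;
}

/* Set FD_CLOEXEC on every open descriptor above stderr.
 * Returns the number of descriptors changed, or -1 on failure. */
int mark_cloexec_above_stdio(void)
{
    int changed = 0;
    long max = fd_scan_limit();
    for (int fd = STDERR_FILENO + 1; fd < max; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1 || (flags & FD_CLOEXEC))
            continue;                     /* closed, or already safe */
        if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1)
            return -1;
        changed++;
    }
    return changed;
}

int main(void)
{
    int p[2];
    if (pipe(p) != 0 || socket(AF_UNIX, SOCK_STREAM, 0) < 0)
        return 1;                         /* constructed sample descriptors */
    printf("inheritable before: %d\n", count_inheritable_fds());
    printf("marked close-on-exec: %d\n", mark_cloexec_above_stdio());
    printf("inheritable after: %d\n", count_inheritable_fds());
    return 0;
}
```

A server would call the marking function immediately before fork/exec of the child program, or better, create each descriptor with close-on-exec set from the start so no window exists.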