Red Hat Bugzilla – Bug 108027
CAN-2003-0740 Stunnel 3.2x Security Issues
Last modified: 2007-04-18 12:58:46 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.2.1) Gecko/20030225
Description of problem:
Stunnel as shipped leaks many file descriptors. One in particular can be used to
hijack the service if used with a program that provides shell access. Further
information can be found at:
The advisory includes working exploit code tested against Red Hat 8.0.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Compile and run the exploit program from the bugtraq advisory.
2. Follow the instructions for the exploit program in the advisory.
Actual Results: Leaked file descriptors. The listening descriptor, the logging
descriptor, the signal pipe descriptors, etc.
Expected Results: Only file descriptors 0, 1, & 2 in the child process.
Version 3.26 is the current version of the 3.x series. It has all known problems
associated with descriptor leaks fixed. It's recommended to upgrade to that version.
4.04 does not have this problem. Upgrading to the 4.x series is not recommended
since 3.x has configuration info on the commandline while 4.x uses a config
file. The differences are too big of a jump for a stable release.
See bug 106473 for the entry for Enterprise Linux for this bug. We have an
errata in progress RHSA-2003:296 for this issue, but it is currently stalled on
glibc (see bug 106800)
was released 2003-11-24
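
The expected result stated in the report, only descriptors 0, 1 and 2 in the child process, can be checked and enforced as in the following added example. It is not stunnel's code or its patch; the pipe pair and the `/dev/null` descriptor are constructed stand-ins for the signal pipe and logging descriptors, and `fds_seen_by_child`, `count_extra_fds` and `FD_SCAN_LIMIT` are hypothetical names.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#define FD_SCAN_LIMIT 65536 /* assumption: scan cap when the fd limit is huge */

static long fd_limit(void) {
    long max = sysconf(_SC_OPEN_MAX);
    return (max < 0 || max > FD_SCAN_LIMIT) ? FD_SCAN_LIMIT : max;
}

/* Number of open descriptors other than 0, 1 and 2. */
static int count_extra_fds(long max) {
    int n = 0;
    for (int fd = 3; fd < max; fd++)
        if (fcntl(fd, F_GETFD) != -1) n++;
    return n;
}

/* Fork a child while holding three constructed stand-ins for a daemon's
 * descriptors (a pipe pair and a log fd). Returns how many descriptors
 * above 2 the child would pass on to a program it execs, or -1 on error. */
int fds_seen_by_child(int harden) {
    int sigpipe[2], status;
    long max = fd_limit();
    if (pipe(sigpipe) == -1) return -1;
    int logfd = open("/dev/null", O_WRONLY);
    if (logfd == -1) { close(sigpipe[0]); close(sigpipe[1]); return -1; }

    pid_t pid = fork();
    if (pid == 0) {
        if (harden)                        /* close everything above stderr */
            for (int fd = 3; fd < max; fd++) close(fd);
        int n = count_extra_fds(max);
        _exit(n > 255 ? 255 : n);          /* exit status carries the count */
    }
    close(sigpipe[0]); close(sigpipe[1]); close(logfd);
    if (pid == -1 || waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    printf("child without cleanup: %d extra descriptors\n", fds_seen_by_child(0));
    printf("child with cleanup:    %d extra descriptors\n", fds_seen_by_child(1));
    return 0;
}
```

Setting `FD_CLOEXEC` on each descriptor when it is created achieves the same result at exec time without the close loop.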