CVE-2014-0016

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2014-0016
stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
https://www.stunnel.org/sdf_ChangeLog.html Release Notes Vendor Advisory
https://bugzilla.redhat.com/attachment.cgi?id=870826&action=diff Patch
http://www.openwall.com/lists/oss-security/2014/03/05/1 Mailing List Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1072180 Issue Tracking Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/65964 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:stunnel:stunnel:4.53:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.51:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.46:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.44:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.37:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.35:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.28:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.26:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.21:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.19:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.17:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:0.1:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.21c:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.0:b6:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8p1:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.6:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:*:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:1.6:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.14:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.4a:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.18:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.12:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.50:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8:p3:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.1:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:2.1:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.10:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8p3:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.16:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.21a:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.49:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.01:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.03:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:1.2:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.13:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.00:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.07:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.40:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.32:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:1.1:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.15:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:1.4:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.33:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.48:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8:p2:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.31:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8:p1:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.05:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.38:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.47:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.24:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.11:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.22:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.42:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.39:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.24:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8p4:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.14:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.13:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.41:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.16:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.23:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.10:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.9:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.12:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.23:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.30:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.08:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.0:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.26:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.06:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.25:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.25:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:1.5:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:1.3:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:2.0:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.02:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.20:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.45:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.09:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.54:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.52:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.3:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.18:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.2:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.21b:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.22:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.20:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.04:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.15:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.0:b7:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.21:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.27:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.17:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8:p4:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.5:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.43:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.34:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.0:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.0:b4:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8p2:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.29:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.0:b1:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.0:b2:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.36:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.0:b3:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.11:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:1.0:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.55:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.0:b5:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.19:*:*:*:*:*:*:*
Information

Published : 2014-03-24 09:31

Updated : 2017-01-26 12:00

NVD link : CVE-2014-0016

Mitre link : CVE-2014-0016

JSON object : View

CWE
CWE-332

Insufficient Entropy in PRNG

Advertisement

dedicated server usa
Products Affected

stunnel

  • stunnel