From security@sco.com Fri Oct 3 20:58:12 2003 From: security@sco.com To: announce@lists.sco.com, bugtraq@securityfocus.com, security-alerts@linuxsecurity.com, full-disclosure@lists.netsys.com Date: Fri, 3 Oct 2003 16:06:51 -0700 Reply-To: please_reply_to_security@sco.com Subject: [Full-Disclosure] OpenLinux: Updated stunnel packages fix signal vulnerability To: announce@lists.sco.com bugtraq@securityfocus.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: OpenLinux: Updated stunnel packages fix signal vulnerability Advisory number: CSSA-2003-026.0 Issue date: 2003 October 03 Cross reference: sr883627 fz528223 erg712413 CAN-2002-1563 ______________________________________________________________________________ 1. Problem Description stunnel is a wrapper for network connections. It can be used to tunnel an unencrypted network connection over a secure connection (encrypted using SSL or TLS) or to provide a secure means of connecting to services that do not natively support encryption. When configured to listen for incoming connections (instead of being invoked by xinetd), stunnel can be configured to either start a thread or a child process to handle each new connection. If Stunnel is configured to start a new child process to handle each connection, it will receive a SIGCHLD signal when that child exits. Stunnel versions prior to 4.04 would perform tasks in the SIGCHLD signal handler which, if interrupted by another SIGCHLD signal, could be unsafe. This could lead to a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1563 to this issue. 2. Vulnerable Supported Versions System Package ---------------------------------------------------------------------- OpenLinux 3.1.1 Server prior to stunnel-4.04-1.i386.rpm OpenLinux 3.1.1 Workstation prior to stunnel-4.04-1.i386.rpm 3. Solution The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand. 4. OpenLinux 3.1.1 Server 4.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-026.0/RPMS 4.2 Packages 00d7179b1b5ca718d3ec6b85f144e4f1 stunnel-4.04-1.i386.rpm 4.3 Installation rpm -Fvh stunnel-4.04-1.i386.rpm 4.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-026.0/SRPMS 4.5 Source Packages ca450eb7d9ca61c042f0b6d1448def8d stunnel-4.04-1.src.rpm 5. OpenLinux 3.1.1 Workstation 5.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-026.0/RPMS 5.2 Packages e05b815b77113f4700875bb7a263a7ae stunnel-4.04-1.i386.rpm 5.3 Installation rpm -Fvh stunnel-4.04-1.i386.rpm 5.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-026.0/SRPMS 5.5 Source Packages f13039bc38057f788d72ed9fa0448e0a stunnel-4.04-1.src.rpm 6. References Specific references for this advisory: http://marc.theaimsgroup.com/?l=stunnel-users&m=103600188215117 http://marc.theaimsgroup.com/?l=bugtraq&m=104247606910598 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1563 SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr883627 fz528223 erg712413. 7. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 8. Acknowledgements SCO would like to thank Henrik Eriksson from Axis Communications. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAj999a8ACgkQbluZssSXDTFCZQCghaAuO/2UeV6CpVlvcsa8J/0H SmkAoJmHopz4H4R8u6NewNY0+keWeI0E =VZ9Z -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html