OSVDB ID: 70848 Title: stunnel CLOEXEC File Descriptor Leak Information Disclosure |
Info |
|
|
Dates |
||||
|
|
Description |
stunnel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a race condition occurs within the handling of file descriptors in combination with FD_CLOEXEC, which will disclose privileged file descriptors to a local attacker. |
Classification |
Location:
Local Access Required
Attack Type: Information Disclosure, Race Condition Impact: Loss of Confidentiality Solution: Upgrade Exploit: Exploit Unknown Disclosure: Vendor Verified OSVDB: Security Software |
Solution |
Upgrade to version 4.35 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. |
Products |
|
References |
|
Credit |
Unknown or Incomplete |