Hello Stunnel Users Forum! I wonder if anyone may have suggestions of what, if anything can be done to surmount a reported vulnerability for Stunnel versions prior to 5.34. I have limited savvy in this arena so please excuse this "Stunnel for Dummies" question.
The following statements surfaced in a "security vulnerabilities" report... The version of stunnel installed on the remote host is 4.46 or later but prior to 5.34. It is, therefore, affected by a security bypass vulnerability related to the validation of level 4 peer certificates. An unauthenticated, remote attacker can exploit this to have an impact on confidentiality, integrity, and/or availability. No other details are available. I am of the mind that perhaps an entry in Stunnel.conf until we can deploy an upgrade? Thanks in advance for any feedback! Upgrade to stunnel version 5.34 or later. -- Tracy Drake CSM Senior Consultant GSA-FAS CAMEO Contractor URSA & INFOConnect Support & Training Team Lead 704-987-1211 [email protected]
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
