CVE-2008-2420
Summary
| CVE | CVE-2008-2420 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-05-23 15:32:00 UTC |
| Updated | 2017-08-08 01:31:00 UTC |
| Description | The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Stunnel | Stunnel | 3.10 | All | All | All |
| Application | Stunnel | Stunnel | 3.11 | All | All | All |
| Application | Stunnel | Stunnel | 3.12 | All | All | All |
| Application | Stunnel | Stunnel | 3.13 | All | All | All |
| Application | Stunnel | Stunnel | 3.14 | All | All | All |
| Application | Stunnel | Stunnel | 3.15 | All | All | All |
| Application | Stunnel | Stunnel | 3.16 | All | All | All |
| Application | Stunnel | Stunnel | 3.17 | All | All | All |
| Application | Stunnel | Stunnel | 3.18 | All | All | All |
| Application | Stunnel | Stunnel | 3.19 | All | All | All |
| Application | Stunnel | Stunnel | 3.20 | All | All | All |
| Application | Stunnel | Stunnel | 3.21 | All | All | All |
| Application | Stunnel | Stunnel | 3.21a | All | All | All |
| Application | Stunnel | Stunnel | 3.21b | All | All | All |
| Application | Stunnel | Stunnel | 3.21c | All | All | All |
| Application | Stunnel | Stunnel | 3.22 | All | All | All |
| Application | Stunnel | Stunnel | 3.23 | All | All | All |
| Application | Stunnel | Stunnel | 3.24 | All | All | All |
| Application | Stunnel | Stunnel | 3.25 | All | All | All |
| Application | Stunnel | Stunnel | 3.26 | All | All | All |
| Application | Stunnel | Stunnel | 3.4a | All | All | All |
| Application | Stunnel | Stunnel | 3.5 | All | All | All |
| Application | Stunnel | Stunnel | 3.6 | All | All | All |
| Application | Stunnel | Stunnel | 3.7 | All | All | All |
| Application | Stunnel | Stunnel | 3.8 | All | All | All |
| Application | Stunnel | Stunnel | 3.8p1 | All | All | All |
| Application | Stunnel | Stunnel | 3.8p2 | All | All | All |
| Application | Stunnel | Stunnel | 3.8p3 | All | All | All |
| Application | Stunnel | Stunnel | 3.8p4 | All | All | All |
| Application | Stunnel | Stunnel | 3.9 | All | All | All |
| Application | Stunnel | Stunnel | 4.00 | All | All | All |
| Application | Stunnel | Stunnel | 4.01 | All | All | All |
| Application | Stunnel | Stunnel | 4.02 | All | All | All |
| Application | Stunnel | Stunnel | 4.03 | All | All | All |
| Application | Stunnel | Stunnel | 4.04 | All | All | All |
| Application | Stunnel | Stunnel | 4.05 | All | All | All |
| Application | Stunnel | Stunnel | 4.06 | All | All | All |
| Application | Stunnel | Stunnel | 4.07 | All | All | All |
| Application | Stunnel | Stunnel | 4.08 | All | All | All |
| Application | Stunnel | Stunnel | 4.09 | All | All | All |
| Application | Stunnel | Stunnel | 4.10 | All | All | All |
| Application | Stunnel | Stunnel | 4.11 | All | All | All |
| Application | Stunnel | Stunnel | 4.12 | All | All | All |
| Application | Stunnel | Stunnel | 4.13 | All | All | All |
| Application | Stunnel | Stunnel | 4.14 | All | All | All |
| Application | Stunnel | Stunnel | 4.15 | All | All | All |
| Application | Stunnel | Stunnel | 4.16 | All | All | All |
| Application | Stunnel | Stunnel | 4.17 | All | All | All |
| Application | Stunnel | Stunnel | 4.18 | All | All | All |
| Application | Stunnel | Stunnel | 4.19 | All | All | All |
| Application | Stunnel | Stunnel | 4.20 | All | All | All |
| Application | Stunnel | Stunnel | 4.21 | All | All | All |
| Application | Stunnel | Stunnel | 4.22 | All | All | All |
| Application | Stunnel | Stunnel | 4.23 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Webmail - OVH | VUPEN | www.vupen.com | |
| Support / Security / Advisories / / MDVSA-2008:168 \| Mandriva | MANDRIVA | www.mandriva.com | |
| [stunnel-announce] stunnel 4.24 released | MLIST | stunnel.mirt.net | |
| [SECURITY] Fedora 9 Update: stunnel-4.24-1.fc9 | FEDORA | www.redhat.com | |
| Fedora update for stunnel - Advisories - Secunia | SECUNIA | secunia.com | |
| [SECURITY] Fedora 8 Update: stunnel-4.24-0.fc8 | FEDORA | www.redhat.com | |
| [SECURITY] Fedora 7 Update: stunnel-4.24-0.fc7 | FEDORA | www.redhat.com | |
| stunnel: Security bypass — Gentoo Linux Documentation | GENTOO | security.gentoo.org | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Stunnel OCSP Revoked Certificate Security Issue - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Stunnel OCSP Certificate Validation Security Bypass Vulnerability | BID | www.securityfocus.com | Patch |
| Gentoo update for stunnel - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2008-05-26 | Mark J Cox | Not vulnerable. OCSP protocol support was only implemented in upstream stunnel version 4.16. Therefore OCSP protocol is not available in the versions of stunnel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. |
There are currently no legacy QID mappings associated with this CVE.