[ESA-20030806-020] 'stunnel' signal handler race denial-of-service.
Date: Wed, 6 Aug 2003 09:01:20 -0400 (EDT)
From: EnGarde Secure Linux <[email protected]>
To: [email protected], [email protected]
Subject: [ESA-20030806-020] 'stunnel' signal handler race denial-of-service.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
+------------------------------------------------------------------------+
| Guardian Digital Security Advisory August 06, 2003 |
| http://www.guardiandigital.com ESA-20030806-020 |
| |
| Package: stunnel |
| Summary: signal handler race denial-of-service. |
+------------------------------------------------------------------------+
EnGarde Secure Linux is an enterprise class Linux platform engineered
to enable corporations to quickly and cost-effectively build a complete
and secure Internet presence while preventing Internet threats.
OVERVIEW
- --------
Stunnel is an SSL wrapper used in EnGarde to tunnel SIMAP and SPOP3. A
potential vulnerability has been found when stunnel is configured to
listen to incoming connections for these services.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-1563 to this issue.
Guardian Digital products affected by this issue include:
EnGarde Secure Community v1.0.1
EnGarde Secure Community 2
EnGarde Secure Professional v1.1
EnGarde Secure Professional v1.2
EnGarde Secure Professional v1.5
It is recommended that all users apply this update as soon as possible.
SOLUTION
- --------
Guardian Digital Secure Network subscribers may automatically update
affected systems by accessing their account from within the Guardian
Digital WebTool.
To modify your GDSN account and contact preferences, please go to:
https://www.guardiandigital.com/account/
Below are MD5 sums for the updated EnGarde Secure Linux 1.0.1 packages:
SRPMS/stunnel-3.22-1.0.5.src.rpm
MD5 Sum: db26a87a27201e6e37cc932717dc23b8
i386/stunnel-3.22-1.0.5.i386.rpm
MD5 Sum: 093bf52b08ce41a3c20192550b2a82da
i686/stunnel-3.22-1.0.5.i686.rpm
MD5 Sum: 6a971be1aa6dcd084703d5a2c6e9bda9
REFERENCES
- ----------
Guardian Digital's public key:
http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY
Stunnel's Official Web Site:
http://stunnel.mirt.net/
Guardian Digital Advisories:
http://infocenter.guardiandigital.com/advisories/
Security Contact: [email protected]
- --------------------------------------------------------------------------
Author: Nick DeClario <[email protected]>
Copyright 2003, Guardian Digital, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/MPwnHD5cqd57fu0RAjqSAKCMtfxzYiCY1ttWy1VZVGUPi55SbgCeMYir
d99VVPWHrC7v7Yq/zjwow28=
=hYsL
-----END PGP SIGNATURE-----
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from radio.rzs.ru (unknown [217.196.118.5])
by mc.tura.ru (Postfix) with ESMTP id B20E017F68
for <[email protected]>; Wed, 6 Aug 2003 21:36:47 +0600 (YEKST)
Received: (from root@localhost)
by radio.rzs.ru (8.11.3/8.11.3) id h76FU1k01797;
Wed, 6 Aug 2003 21:30:01 +0600 (YEKST)
(envelope-from root)
Date: Wed, 6 Aug 2003 21:30:01 +0600 (YEKST)
Message-Id: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset="koi8-r"
Content-Transfer-Encoding: 8bit
To: [email protected]
From: MONITORING <[email protected]>
Subject: ALERT: httpd not found rzs.ru
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 *.2085 *.* LISTEN
tcp4 0 0 *.22 *.* LISTEN
tcp46 0 0 *.22 *.* LISTEN
tcp4 0 0 *.21 *.* LISTEN
udp4 0 0 *.514 *.*
udp6 0 0 *.514 *.*
Active UNIX domain sockets
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
cc1cdfc0 dgram 0 0 cc1cc680 0 0 0 /var/run/log
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 1761 4.0 3.1 4264 3840 ?? S 9:30PM 0:00.29 /usr/bin/perl /etc/alertmon.pl
root 1 0.0 0.3 528 312 ?? ILs Tue09AM 0:00.22 /sbin/init --
root 2 0.0 0.0 0 0 ?? DL Tue09AM 0:00.18 (pagedaemon)
root 3 0.0 0.0 0 0 ?? DL Tue09AM 0:00.00 (vmdaemon)
root 4 0.0 0.0 0 0 ?? DL Tue09AM 0:00.85 (bufdaemon)
root 5 0.0 0.0 0 0 ?? DL Tue09AM 0:13.47 (syncer)
root 149 0.0 0.5 924 628 ?? Ss Tue09AM 0:01.50 syslogd -s
root 170 0.0 0.6 1040 760 ?? Is Tue09AM 0:00.00 inetd -wW
root 172 0.0 0.6 968 716 ?? Ss Tue09AM 0:01.51 /usr/sbin/cron
root 175 0.0 1.2 2484 1536 ?? Is Tue09AM 0:00.01 /usr/sbin/sshd
root 278 0.0 0.8 1324 940 v0 Is+ Tue09AM 0:00.10 -csh (csh)
root 280 0.0 0.5 936 636 v2 Is+ Tue09AM 0:00.00 /usr/libexec/getty Pc ttyv2
root 281 0.0 0.5 936 636 v3 Is+ Tue09AM 0:00.00 /usr/libexec/getty Pc ttyv3
root 282 0.0 0.5 936 636 v4 Is+ Tue09AM 0:00.00 /usr/libexec/getty Pc ttyv4
root 283 0.0 0.5 936 636 v5 Is+ Tue09AM 0:00.00 /usr/libexec/getty Pc ttyv5
root 284 0.0 0.5 936 636 v6 Is+ Tue09AM 0:00.00 /usr/libexec/getty Pc ttyv6
root 285 0.0 0.5 936 636 v7 Is+ Tue09AM 0:00.00 /usr/libexec/getty Pc ttyv7
root 1512 0.0 0.5 936 636 v1 Is+ Tue09AM 0:00.00 /usr/libexec/getty Pc ttyv1
chat 58545 0.0 3.2 4372 4040 ?? I 6:03AM 0:03.26 /home/chat/bin/entropychat.pl
radio 58814 0.0 0.9 1620 1064 ?? Ss 6:09AM 2:40.00 ./liveice -F /usr/local/icecast/conf/liveice.cfg -@ 2 -m
root 1756 0.0 0.6 984 728 ?? S 9:30PM 0:00.00 /usr/sbin/cron
root 1757 0.0 0.6 1036 784 ?? S 9:30PM 0:00.00 /usr/sbin/cron
root 1758 0.0 0.4 620 444 ?? Ss 9:30PM 0:00.00 /bin/sh -c /etc/alertmon.pl
root 1759 0.0 0.4 620 444 ?? Ss 9:30PM 0:00.00 /bin/sh -c /usr/local/icecast/bin/probe_live.sh 2>&1 >/dev/null
root 1762 0.0 0.4 628 452 ?? S 9:30PM 0:00.00 /bin/sh /usr/local/icecast/bin/probe_live.sh
root 1783 0.0 1.7 2504 2076 ?? Ss 9:30PM 0:00.03 /usr/sbin/sendmail -FCronDaemon -odi -oem -oi -t
root 1785 0.0 0.1 176 60 ?? S 9:30PM 0:00.00 sleep 5
root 1787 0.0 0.4 620 444 ?? S 9:30PM 0:00.00 sh -c (netstat -an; ps auxwww)
root 0 0.0 0.0 0 0 ?? DLs Tue09AM 0:00.06 (swapper)
root 1788 0.0 0.2 416 240 ?? R 9:30PM 0:00.00 ps auxwww
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from radio.rzs.ru (unknown [217.196.118.5])
by mc.tura.ru (Postfix) with ESMTP id 98F9E17F6C
for <[email protected]>; Wed, 6 Aug 2003 21:41:47 +0600 (YEKST)
Received: (from root@localhost)
by radio.rzs.ru (8.11.3/8.11.3) id h76FZ1T02029;
Wed, 6 Aug 2003 21:35:01 +0600 (YEKST)
(envelope-from root)
Date: Wed, 6 Aug 2003 21:35:01 +0600 (YEKST)
Message-Id: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset="koi8-r"
Content-Transfer-Encoding: 8bit
To: [email protected]
From: MONITORING <[email protected]>
Subject: ALERT: httpd not found rzs.ru
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 *.2085 *.* LISTEN
tcp4 0 0 *.22 *.* LISTEN
tcp46 0 0 *.22 *.* LISTEN
tcp4 0 0 *.21 *.* LISTEN
udp4 0 0 *.514 *.*
udp6 0 0 *.514 *.*
Active UNIX domain sockets
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
cc1cdfc0 dgram 0 0 cc1cc680 0 0 0 /var/run/log
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 1993 17.0 3.1 4264 3840 ?? S 9:35PM 0:00.29 /usr/bin/perl /etc/alertmon.pl
root 2015 2.0 1.7 2504 2076 ?? Ss 9:35PM 0:00.03 /usr/sbin/sendmail -FCronDaemon -odi -oem -oi -t
root 2 0.0 0.0 0 0 ?? DL Tue09AM 0:00.18 (pagedaemon)
root 3 0.0 0.0 0 0 ?? DL Tue09AM 0:00.00 (vmdaemon)
root 4 0.0 0.0 0 0 ?? DL Tue09AM 0:00.85 (bufdaemon)
root 5 0.0 0.0 0 0 ?? DL Tue09AM 0:13.51 (syncer)
root 149 0.0 0.5 924 628 ?? Ss Tue09AM 0:01.50 syslogd -s
root 170 0.0 0.6 1040 760 ?? Is Tue09AM 0:00.00 inetd -wW
root 172 0.0 0.6 968 716 ?? Ss Tue09AM 0:01.52 /usr/sbin/cron
root 175 0.0 1.2 2484 1536 ?? Is Tue09AM 0:00.01 /usr/sbin/sshd
root 278 0.0 0.8 1324 940 v0 Is+ Tue09AM 0:00.10 -csh (csh)
root 280 0.0 0.5 936 636 v2 Is+ Tue09AM 0:00.00 /usr/libexec/getty Pc ttyv2
root 281 0.0 0.5 936 636 v3 Is+ Tue09AM 0:00.00 /usr/libexec/getty Pc ttyv3
root 282 0.0 0.5 936 636 v4 Is+ Tue09AM 0:00.00 /usr/libexec/getty Pc ttyv4
root 283 0.0 0.5 936 636 v5 Is+ Tue09AM 0:00.00 /usr/libexec/getty Pc ttyv5
root 284 0.0 0.5 936 636 v6 Is+ Tue09AM 0:00.00 /usr/libexec/getty Pc ttyv6
root 285 0.0 0.5 936 636 v7 Is+ Tue09AM 0:00.00 /usr/libexec/getty Pc ttyv7
root 1512 0.0 0.5 936 636 v1 Is+ Tue09AM 0:00.00 /usr/libexec/getty Pc ttyv1
chat 58545 0.0 3.2 4372 4040 ?? I 6:03AM 0:03.26 /home/chat/bin/entropychat.pl
radio 58814 0.0 0.9 1620 1064 ?? Ss 6:09AM 2:40.87 ./liveice -F /usr/local/icecast/conf/liveice.cfg -@ 2 -m
root 1987 0.0 0.6 984 728 ?? S 9:35PM 0:00.00 /usr/sbin/cron
root 1988 0.0 0.6 1036 784 ?? S 9:35PM 0:00.00 /usr/sbin/cron
root 1990 0.0 0.4 620 444 ?? Ss 9:35PM 0:00.00 /bin/sh -c /etc/alertmon.pl
root 1991 0.0 0.4 620 444 ?? Ss 9:35PM 0:00.00 /bin/sh -c /usr/local/icecast/bin/probe_live.sh 2>&1 >/dev/null
root 1994 0.0 0.4 628 452 ?? S 9:35PM 0:00.00 /bin/sh /usr/local/icecast/bin/probe_live.sh
root 2017 0.0 0.1 176 60 ?? S 9:35PM 0:00.00 sleep 5
root 2019 0.0 0.4 620 444 ?? S 9:35PM 0:00.00 sh -c (netstat -an; ps auxwww)
root 0 0.0 0.0 0 0 ?? DLs Tue09AM 0:00.06 (swapper)
root 2020 0.0 0.2 416 240 ?? R 9:35PM 0:00.00 ps auxwww
root 1 0.0 0.3 528 312 ?? ILs Tue09AM 0:00.22 /sbin/init --
