• info
• discussion
• exploit
• solution
• references

Stunnel Unspecified SIGCHLD Signal Handler Vulnerability

Solution:
Sun have made fixes available to address this issue in Sun Linux 5.0.7. Fixes are linked below.

EnGarde has released advisory ESA-20030806-020 to address this issue. Digital Secure Network subscribers may update using the WebTool. See referenced advisory for additional information.

Red Hat has released advisories RHSA-2003:221-01 and RHSA-2003:296-01 to address this issue. See referenced advisories for additional information.

Conectiva has released an advisory (CLA-2003:736) to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

SCO has released an advisory (CSSA-2003-026.0) for OpenLinux that addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Trustix has released two security advisories to address this issue, both including fixes for TSL 1.2 and 1.5. Users should likely update their systems using the fixes included in the most recent advisory.

Fixes available:


Caldera OpenLinux Server 3.1.1

• SCO stunnel-4.04-1.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-026.0/R PMS/stunnel-4.04-1.i386.rpm

Caldera OpenLinux Workstation 3.1.1

• SCO stunnel-4.04-1.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-02 6.0/RPMS/stunnel-4.04-1.i386.rpm

Stunnel Stunnel 3.18

• Stunnel stunnel-4.04.exe
  http://www.stunnel.org/download/stunnel/win32/stunnel-4.04.exe


• Stunnel stunnel-4.04.tar.gz
  http://www.stunnel.org/download/stunnel/src/stunnel-4.04.tar.gz

Stunnel Stunnel 3.19

• Stunnel stunnel-4.04.exe
  http://www.stunnel.org/download/stunnel/win32/stunnel-4.04.exe


• Stunnel stunnel-4.04.tar.gz
  http://www.stunnel.org/download/stunnel/src/stunnel-4.04.tar.gz

Stunnel Stunnel 3.21

• Stunnel stunnel-4.04.exe
  http://www.stunnel.org/download/stunnel/win32/stunnel-4.04.exe


• Stunnel stunnel-4.04.tar.gz
  http://www.stunnel.org/download/stunnel/src/stunnel-4.04.tar.gz

Stunnel Stunnel 3.22

• Conectiva stunnel-3.26-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/stunnel-3.26-1U80_1cl.i386. rpm


• Conectiva stunnel-3.26-21517U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/stunnel-3.26-21517U90_1cl.i 386.rpm

Stunnel Stunnel 3.25

• Trustix stunnel-3.25-1tr.i586.rpm
  ftp://ftp.trustix.net/pub/Trustix/updates/1.2/RPMS/stunnel-3.25-1tr.i5 86.rpm


• Trustix stunnel-3.25-1tr.i586.rpm
  ftp://ftp.trustix.net/pub/Trustix/updates/1.5/RPMS/stunnel-3.25-1tr.i5 86.rpm


• Trustix stunnel-3.26-1tr.i586.rpm
  Trustix Secure Linux 1.2
  http://http.trustix.org/pub/trustix/updates/1.2/rpms/stunnel-3.26-1tr. i586.rpm


• Trustix stunnel-3.26-1tr.i586.rpm
  Trustix Secure Linux 1.5
  http://http.trustix.org/pub/trustix/updates/1.5/rpms/stunnel-3.26-1tr. i586.rpm

Stunnel Stunnel 4.0 1

• Stunnel stunnel-4.04.exe
  http://www.stunnel.org/download/stunnel/win32/stunnel-4.04.exe


• Stunnel stunnel-4.04.tar.gz
  http://www.stunnel.org/download/stunnel/src/stunnel-4.04.tar.gz

Stunnel Stunnel 4.0 2

• Stunnel stunnel-4.04.exe
  http://www.stunnel.org/download/stunnel/win32/stunnel-4.04.exe


• Stunnel stunnel-4.04.tar.gz
  http://www.stunnel.org/download/stunnel/src/stunnel-4.04.tar.gz

Stunnel Stunnel 4.0 3

• Stunnel stunnel-4.04.exe
  http://www.stunnel.org/download/stunnel/win32/stunnel-4.04.exe


• Stunnel stunnel-4.04.tar.gz
  http://www.stunnel.org/download/stunnel/src/stunnel-4.04.tar.gz

Stunnel Stunnel 4.0 0

• Stunnel stunnel-4.04.exe
  http://www.stunnel.org/download/stunnel/win32/stunnel-4.04.exe


• Stunnel stunnel-4.04.tar.gz
  http://www.stunnel.org/download/stunnel/src/stunnel-4.04.tar.gz