Vulnonym.org

CVE-2008-2420 - Thermosetting Dinosaur

Description

The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRLs), which allows remote attackers to bypass intended access restrictions by using revoked certificates.

Reference

http://stunnel.mirt.net/pipermail/stunnel-announce/2008-May/000035.html
http://www.securityfocus.com/bid/29309
http://secunia.com/advisories/30335
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00856.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00907.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00942.html
http://secunia.com/advisories/30425
http://secunia.com/advisories/31438
http://security.gentoo.org/glsa/glsa-200808-08.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:168
http://www.vupen.com/english/advisories/2008/1569/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42528