CVE-2014-0016 - Insufficient Entropy in PRNG vulnerability in Stunnel
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Summary
stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.
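The failure mode in the summary, as an added Python model that is not stunnel or OpenSSL code: `ToyPool`, `child_nonce`, `repeated_pids` and the PID sequence are constructed for illustration. A forked child that inherits the parent's pool and mixes in only its PID repeats its output when the PID is reused; adding fresh entropy in the child after fork (one hardening approach, assumed here rather than taken from the stunnel 5.00 change) removes the repeat.

```python
import hashlib
import os


class ToyPool:
    """Constructed stand-in for a process-wide PRNG pool; not OpenSSL's code."""

    def __init__(self, seed: bytes):
        self.state = hashlib.sha256(seed).digest()

    def fork(self) -> "ToyPool":
        # fork() copies process memory, so the child inherits the exact state.
        child = ToyPool(b"")
        child.state = self.state
        return child

    def add(self, data: bytes) -> None:
        self.state = hashlib.sha256(self.state + data).digest()

    def random_bytes(self, pid: int) -> bytes:
        # As the summary describes, the PID is the only per-process input.
        self.add(pid.to_bytes(4, "big"))
        return self.state


def child_nonce(parent: ToyPool, pid: int, reseed: bool) -> bytes:
    """Model one forked connection handler drawing a signature nonce k."""
    child = parent.fork()
    if reseed:
        child.add(os.urandom(32))  # hardened: fresh kernel entropy after fork
    return child.random_bytes(pid)


def repeated_pids(pids, reseed: bool, seed: bytes = b"constructed parent seed"):
    """Return the PIDs whose child produced a nonce already seen earlier."""
    parent = ToyPool(seed)  # the parent only accepts and forks; state never moves
    seen, repeats = set(), []
    for pid in pids:
        k = child_nonce(parent, pid, reseed)
        if k in seen:
            repeats.append(pid)
        seen.add(k)
    return repeats


# Constructed PID sequence: the counter wraps and 4001 is handed out again.
PIDS = [4001, 4002, 4003, 4001]

if __name__ == "__main__":
    print("no reseed  :", repeated_pids(PIDS, reseed=False))
    print("with reseed:", repeated_pids(PIDS, reseed=True))
```

The same duplicate check over logged signature `r` values is a practical way to audit whether a DSA or ECDSA key served by an affected build has already signed with a repeated nonce and should be rotated.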
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201408-14.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201408-14 (stunnel: Information disclosure) stunnel does not properly update the state of the pseudo-random generator after fork-threading which causes subsequent children with the same process ID to use the same entropy pool. ECDSA and DSA keys, when not used in deterministic mode (RFC6979), rely on random data for its k parameter to not leak private key information. Impact : A remote attacker may gain access to private key information from ECDSA or DSA keys. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 77458 |
published | 2014-08-30 |
reporter | This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/77458 |
title | GLSA-201408-14 : stunnel: Information disclosure |

NASL family | Windows |
NASL id | STUNNEL_5_00.NASL |
description | The version of stunnel installed on the remote host is prior to version 5.00. It is, therefore, affected by a security weakness due to the PRNG state not being reset for new connections where the server forks. A remote attacker can exploit this issue to disclose sensitive information, such as the private key used for EC (ECDSA) or DSA certificates. Note that Nessus has not tested for this issue but has instead relied only on the application |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 73212 |
published | 2014-03-26 |
reporter | This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/73212 |
title | stunnel < 5.00 PRNG State Security Weakness |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2015-096.NASL |
description | Updated stunnel package fixes security vulnerability : A flaw was found in the way stunnel, a socket wrapper which can provide SSL support to ordinary applications, performed (re)initialization of PRNG after fork. When accepting a new connection, the server forks and the child process handles the request. The RAND_bytes() function of openssl doesn |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 82349 |
published | 2015-03-30 |
reporter | This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/82349 |
title | Mandriva Linux Security Advisory : stunnel (MDVSA-2015:096) |
Seebug
bulletinFamily | exploit |
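description | Bugtraq ID:65964 CVE ID:CVE-2014-0016 Stunnel is free, cross-platform software used to provide general-purpose TLS/SSL service. Stunnel has a security vulnerability: the socket wrapper, which can provide SSL support to ordinary applications, performs PRNG initialization after fork. When a new connection is accepted, the server calls fork() and the child process handles the request. The OpenSSL RAND_bytes() function does not reset its state after fork; it simply adds the current process ID (getpid) to the PRNG state, which can cause servers using EC (ECDSA) or DSA certificates to leak their private keys under certain conditions. 0 Stunnel No detailed solution is currently available: http://www.stunnel.org |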
id | SSV:61718 |
last seen | 2017-11-19 |
modified | 2014-03-11 |
published | 2014-03-11 |
reporter | Root |
title | Stunnel PRNG initialization vulnerability |