Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-2420

The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.

Related bugs and status

CVE-2008-2420 (Candidate) is related to these bugs:

Bug #257949: [CVE-2008-2420] stunnel incorrect OCSP validation vulnerability

Summary				In	Importance	Status
	257949	[CVE-2008-2420] stunnel incorrect OCSP validation vulnerability		stunnel4 (Ubuntu)	Undecided	Fix Released
	257949	[CVE-2008-2420] stunnel incorrect OCSP validation vulnerability		stunnel4 (Ubuntu Hardy)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

MLIST: [stunnel-announce] 200...
BID: 29309
SECUNIA: 30335
FEDORA: FEDORA-2008-4531
FEDORA: FEDORA-2008-4579
FEDORA: FEDORA-2008-4606
SECUNIA: 30425
GENTOO: GLSA-200808-08
MANDRIVA: MDVSA-2008:168
SECUNIA: 31438
VUPEN: ADV-2008-1569
XF: stunnel-ocsp-security-...