Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Stunnel 加密问题漏洞
Vulnerability Description
Stunnel是比利时软件开发者Michal Trojnara所研发的一套用于提供全局的TLS/SSL服务的跨平台软件。该软件可对本身无法进行TLS或SSL通信的客户端及服务器提供安全的加密连接。 Stunnel 4.56及之前版本中存在安全漏洞,该漏洞源于当使用fork线程时,程序没有正确更新OpenSSL伪随机数发生器(PRNG)的状态,造成后续带有相同进程ID的子进程使用相同的熵池。远程攻击者可利用该漏洞获取EC (ECDSA)或DSA证书的私钥。
CVSS Information
N/A
Vulnerability Type
N/A