Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

stunnel - exploit

From: Darell Esfandia <deltha () analog ro>
Date: Wed, 15 Jan 2003 11:26:58 +0200
Hi,
I attached an exploit for:

http://online.securityfocus.com/bid/3748/info/
bugtraq id 3748
object
class Input Validation Error
cve CVE-2002-0002

remote Yes
local No
published Dec 22, 2001
updated Jan 17, 2002
vulnerable Stunnel Stunnel 3.20
   + MandrakeSoft Linux Mandrake 8.1
   + MandrakeSoft Linux Mandrake 8.1 ia64
Stunnel Stunnel 3.15
Stunnel Stunnel 3.16
Stunnel Stunnel 3.17
Stunnel Stunnel 3.18
Stunnel Stunnel 3.19
   + RedHat Linux 7.2 i386
   + RedHat Linux 7.2 ia64
Stunnel Stunnel 3.21 c
Stunnel Stunnel 3.21 b
Stunnel Stunnel 3.21 a
Stunnel Stunnel 3.21

not vulnerable Stunnel Stunnel 3.22

Credit:

This vulnerability was originally discovered by Matthias Lange
<ml () netuse de>, and announced via Bugtraq by Brian Hatch
<bugtraq () ifokr org> on December 27, 2001.

References:

Advisory: MDKSA-2002:004: stunnel
(Mandrake)
Advisory: RHSA-2002:002-10: Updated stunnel packages available.
(RedHat)
Message: Stunnel: Format String Bug in versions <3.22
Message: Stunnel: Format String Bug update

Attachment: w00nf-stunnel.c
Description:

Previous By Date Next
Previous By Thread Next

Current thread: