Bugtraq mailing list archives
Re: Stunnel: Format String Bug update
From: Roman Drahtmueller <draht () suse de>
Date: Tue, 8 Jan 2002 16:52:34 +0100 (MET)
The versions listed in the original advisory were wrong. Stunnel versions prior to 3.15 did not contain any smtp client negotiation code, only server code which is not vulnerable. The buggy smtp, pop, and nntp client code wasn't added until version 3.15, not 3.3 as I originally reported. Versions prior to 3.15 are not vulnerable. The misdiagnosis was caused by an abundance of migraines, illness, and vomiting in my household which is luckily starting to abate.
The SuSE Linux distributions 7.2 and 7.3 as well as SLES7 have stunnel-3.14 (unpatched). It does have protocol-dependent code, but there are no format string bugs that are exploitable (only "unclean" lines like fdprintf(local, "220 Go ahead", line); ). You have to dig into it for a few minutes. The version statement does not hold. [...]
Update Date: 2-Jan-2002
Original Release Date: 22-Dec-2001
Package: stunnel
Versions: stunnel-3.15 => stunnel-3.21c
Problem type: format string bugs
Roman.
--
| Roman Drahtmüller <draht () suse de>  // "You don't need eyes to see,
| SuSE GmbH - Security  Phone:          //  you need vision!"
| Nürnberg, Germany     +49-911-740530  //  Maxi Jazz, Faithless
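The distinction drawn in the message above, between an "unclean" call and an exploitable one, shown as an added example; this is not code from the mail or from the stunnel source. The wrapper bufprintf() and the reply_* functions are hypothetical names standing in for fdprintf() and its callers, and the peer line is a constructed sample.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for fdprintf(): same printf-style contract, but it
 * formats into a buffer so the result can be inspected. Declaring a wrapper
 * like this with GCC/Clang's __attribute__((format(printf, 3, 4))) lets
 * -Wformat -Wformat-security flag both questionable callers below. */
static int bufprintf(char *out, size_t len, const char *format, ...)
{
    va_list ap;
    va_start(ap, format);
    int n = vsnprintf(out, len, format, ap);
    va_end(ap);
    return n;
}

/* The "unclean" shape quoted in the mail: the format is a constant with no
 * conversion, so the surplus argument is evaluated and then ignored. Peer
 * data in 'line' is never interpreted as a format. */
static int reply_unclean(char *out, size_t len, const char *line)
{
    return bufprintf(out, len, "220 Go ahead", line);
}

/* General shape of a format string bug: peer data IS the format, so any
 * conversion in it makes the callee fetch arguments that were never passed. */
static int reply_vulnerable(char *out, size_t len, const char *line)
{
    return bufprintf(out, len, line);
}

/* Fix: constant format, peer data only ever passed as a %s argument. */
static int reply_fixed(char *out, size_t len, const char *line)
{
    return bufprintf(out, len, "%s", line);
}

int main(void)
{
    const char *peer = "250 %x %x %s";   /* constructed peer-supplied line */
    char buf[64];
    reply_unclean(buf, sizeof buf, peer);
    printf("unclean: %s\n", buf);        /* constant banner, peer ignored */
    reply_fixed(buf, sizeof buf, peer);
    printf("fixed:   %s\n", buf);        /* peer text copied literally */
    reply_vulnerable(buf, sizeof buf, "250 ok"); /* benign input only */
    printf("vuln:    %s\n", buf);
    return 0;
}
```

The vulnerable form behaves correctly on input without `%`, which is why it passes casual testing; auditing for non-constant format arguments finds it where functional tests do not.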