stunnel - exploit

From: Darell Esfandia (delthaat_private)
Date: Wed Jan 15 2003 - 01:26:58 PST


    Hi,
    I attached an exploit for:
    
    http://online.securityfocus.com/bid/3748/info/
    bugtraq id: 3748
    object:
    class: Input Validation Error
    cve: CVE-2002-0002
    
    remote: Yes
    local: No
    published: Dec 22, 2001
    updated: Jan 17, 2002
    vulnerable:
       Stunnel Stunnel 3.20
          + MandrakeSoft Linux Mandrake 8.1
          + MandrakeSoft Linux Mandrake 8.1 ia64
       Stunnel Stunnel 3.15
       Stunnel Stunnel 3.16
       Stunnel Stunnel 3.17
       Stunnel Stunnel 3.18
       Stunnel Stunnel 3.19
          + RedHat Linux 7.2 i386
          + RedHat Linux 7.2 ia64
       Stunnel Stunnel 3.21 c
       Stunnel Stunnel 3.21 b
       Stunnel Stunnel 3.21 a
       Stunnel Stunnel 3.21
    
    not vulnerable: Stunnel Stunnel 3.22
    
    Credit:
    
    This vulnerability was originally discovered by Matthias Lange
    <mlat_private>, and announced via Bugtraq by Brian Hatch
    <bugtraqat_private> on December 27, 2001.
    
    References:
    
    Advisory: MDKSA-2002:004: stunnel (Mandrake)
    Advisory: RHSA-2002:002-10: Updated stunnel packages available. (RedHat)
    Message: Stunnel: Format String Bug in versions <3.22
    Message: Stunnel: Format String Bug update
    
    
    
    


