January 17, 2002

Mandrake: 'stunnel' Format string vulnerability

Author: JT Smith

From Linuxsecurity.com: "All versions of stunnel from 3.15 to 3.21c are vulnerable to format
string bugs in the functions which implement smtp, pop, and nntp client
negotiations. Using stunnel with the "-n service" option and the "-c"
client mode option, a malicious server could use the format sting
vulnerability to run arbitrary code as the owner of the current stunnel
process. Version 3.22 is not vulnerable to this bug."


  • Linux
Click Here!