December 21, 2000

Stunnel local arbitrary command execution vulnerability

Author: JT Smith

"Insecurely-structured calls to syslog() found in certain versions of
Stunnel (prior to version 3.9) pass user-supplied data to the syslog()
function in such a way that maliciously embedded format specifiers in
this data can cause the process to overwrite sections of its own
memory with arbitrary data." Full details at SecurityFocus.


  • Linux
Click Here!