Stunnel local arbitrary command execution vulnerability

35

Author: JT Smith

“Insecurely-structured calls to syslog() found in certain versions of
Stunnel (prior to version 3.9) pass user-supplied data to the syslog()
function in such a way that maliciously embedded format specifiers in
this data can cause the process to overwrite sections of its own
memory with arbitrary data.” Full details at SecurityFocus.

Category:

  • Linux