Author: JT Smith
“Insecurely-structured calls to syslog() found in certain versions of
Stunnel (prior to version 3.9) pass user-supplied data to the syslog()
function in such a way that maliciously embedded format specifiers in
this data can cause the process to overwrite sections of its own
memory with arbitrary data.” Full details at SecurityFocus.
Stunnel (prior to version 3.9) pass user-supplied data to the syslog()
function in such a way that maliciously embedded format specifiers in
this data can cause the process to overwrite sections of its own
memory with arbitrary data.” Full details at SecurityFocus.
Category:
- Linux