Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0060

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2001-0060
Last Modified 05 Sep 2008 04:23:10
Published 12 Feb 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0060

Summary

Format string vulnerability in stunnel 3.8 and earlier allows attackers to execute arbitrary commands via a malformed ident username.

Vulnerable Systems

Application

  • Stunnel 3.3

  • Stunnel 3.4a

  • Stunnel 3.7

  • Stunnel 3.8


References

BID - 2128

BUGTRAQ - 20001218 Stunnel format bug

BUGTRAQ - 20001209 Trustix Security Advisory - stunnel

XF - stunnel-format-logfile

REDHAT - RHSA-2000:129

DEBIAN - DSA-009

CONECTIVA - CLA-2000:363


Last Updated: 27 May 2016 10:36:07