Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2002-0002
Last Modified: 07 Mar 2011 09:07:36
Published: 31 Jan 2002 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2002-0002

Summary

Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.

Vulnerable Systems

Operating System

  • Engardelinux Secure Linux 1.0.1

  • Mandrakesoft Mandrake Linux 8.1

  • Redhat Linux 7.2

Application

  • Stunnel 3.10

  • Stunnel 3.11

  • Stunnel 3.12

  • Stunnel 3.13

  • Stunnel 3.14

  • Stunnel 3.15

  • Stunnel 3.16

  • Stunnel 3.17

  • Stunnel 3.18

  • Stunnel 3.19

  • Stunnel 3.20

  • Stunnel 3.21

  • Stunnel 3.21a

  • Stunnel 3.21b

  • Stunnel 3.21c

  • Stunnel 3.22

  • Stunnel 3.24

  • Stunnel 3.3

  • Stunnel 3.4a

  • Stunnel 3.7

  • Stunnel 3.8

  • Stunnel 3.9


References

REDHAT - RHSA-2002:002

CONFIRM - http://stunnel.mirt.net/news.html

MISC - http://marc.theaimsgroup.com/?l=stunnel-users&m=100869449828705&w=2

XF - stunnel-client-format-string(7741)

BID - 3748

MANDRAKE - MDKSA-2002:004

BUGTRAQ - 20020102 Stunnel: Format String Bug update

BUGTRAQ - 20011227 Stunnel: Format String Bug in versions <3.22


Last Updated: 27 May 2016 10:36:44