Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.6
CVE Id: CVE-2003-0740
Last Modified: 10 Sep 2008 03:20:20
Published: 20 Oct 2003 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2003-0740

Summary

Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.

Vulnerable Systems

Application

  • Stunnel 3.10

  • Stunnel 3.11

  • Stunnel 3.12

  • Stunnel 3.13

  • Stunnel 3.14

  • Stunnel 3.15

  • Stunnel 3.16

  • Stunnel 3.17

  • Stunnel 3.18

  • Stunnel 3.19

  • Stunnel 3.20

  • Stunnel 3.21

  • Stunnel 3.21a

  • Stunnel 3.21b

  • Stunnel 3.21c

  • Stunnel 3.22

  • Stunnel 3.24

  • Stunnel 3.3

  • Stunnel 3.4a

  • Stunnel 3.7

  • Stunnel 3.8

  • Stunnel 3.9

  • Stunnel 4.0


References

BUGTRAQ - 20030903 Stunnel-3.x Daemon Hijacking

REDHAT - RHSA-2003:297

MANDRAKE - MDKSA-2003:108

CONECTIVA - CLA-2003:736


Last Updated: 27 May 2016 10:38:02