Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.6
CVE Id: CVE-2013-1762
Last Modified: 17 Jan 2014 12:13:42
Published: 08 Mar 2013 01:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2013-1762

Summary

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.

Vulnerable Systems

Application

  • Stunnel 4.21

  • Stunnel 4.22

  • Stunnel 4.23

  • Stunnel 4.24

  • Stunnel 4.25

  • Stunnel 4.26

  • Stunnel 4.27

  • Stunnel 4.28

  • Stunnel 4.29

  • Stunnel 4.30

  • Stunnel 4.31

  • Stunnel 4.32

  • Stunnel 4.33

  • Stunnel 4.34

  • Stunnel 4.35

  • Stunnel 4.36

  • Stunnel 4.37

  • Stunnel 4.38

  • Stunnel 4.39

  • Stunnel 4.40

  • Stunnel 4.41

  • Stunnel 4.42

  • Stunnel 4.43

  • Stunnel 4.44

  • Stunnel 4.45

  • Stunnel 4.46

  • Stunnel 4.47

  • Stunnel 4.48

  • Stunnel 4.49

  • Stunnel 4.50

  • Stunnel 4.51

  • Stunnel 4.52

  • Stunnel 4.53

  • Stunnel 4.54


References

CONFIRM - https://www.stunnel.org/CVE-2013-1762.html

REDHAT - RHSA-2013:0714

DEBIAN - DSA-2664

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0097

MANDRIVA - MDVSA-2013:130

Related Patches

Novell SUSE 2013:7449 stunnel security update for SLES 11 SP2 i586

Novell SUSE 2013:7449 stunnel security update for SLES 11 SP2 x86_64


Last Updated: 27 May 2016 11:02:04