Rapid7 Vulnerability & Exploit Database

RHSA-2002:002: Updated stunnel packages available.

Back to Search

RHSA-2002:002: Updated stunnel packages available.

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
01/31/2002
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

Updated stunnel packages are now available for Red Hat Linux 7.2. These updates close a format-string vulnerability which is present in some earlier versions of stunnel.

Stunnel is an SSL wrapper for applications. One feature of Stunnel is the ability to negotiate SSL with protocols using the '-n' flag. There are format string bugs present in the functions which implement smtp, pop, and nntp client negotiations as supplied with Stunnel versions 3.15 up to 3.21c. If you use Stunnel with the '-n smtp', '-n pop', '-n nntp' options with the client mode '-c' option, a malicous server could abuse the format string bug to run arbitrary code as the owner of the Stunnel process. The packages included update Stunnel to version 3.22 which is not vulnerable to this bug. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0002 to this issue.

Solution(s)

  • redhat-upgrade-stunnel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;