Paketname
stunnel
Datum
2002-01-16
Advisory ID
MDKSA-2002:004
Betroffene Versionen
8.1 i586 , 8.1 i586

Problembeschreibung

All versions of stunnel from 3.15 to 3.21c are vulnerable to format string bugs in the functions which implement smtp, pop, and nntp client negotiations. Using stunnel with the "-n service" option and the "-c" client mode option, a malicious server could use the format sting vulnerability to run arbitrary code as the owner of the current stunnel process. Version 3.22 is not vulnerable to this bug.

Aktualisierte Pakete

8.1 i586

 08204f11728f2c6b6152de9ebb562ac5  8.1/RPMS/stunnel-3.22-1.1mdk.i586.rpm
e85fbd3435759fa7b94bb5c371738b30  8.1/SRPMS/stunnel-3.22-1.1mdk.src.rpm

8.1 i586

 3616248cce2e982035b6905252610980  ia64/8.1/RPMS/stunnel-3.22-1.1mdk.ia64.rpm
e85fbd3435759fa7b94bb5c371738b30  ia64/8.1/SRPMS/stunnel-3.22-1.1mdk.src.rpm

Referenzen