CVE-2008-2400
https://notcve.org/view.php?id=CVE-2008-2400
Unspecified vulnerability in stunnel before 4.23, when running as a service on Windows, allows local users to gain privileges via unknown attack vectors. Vulnerabilidad sin especificar en stunnel anterior a 4.23, cuando es ejecutado como un servicio en Windows, permite a usuarios locales obtener privilegios a través de vectores de ataque desconocidos. • http://secunia.com/advisories/30297 http://stunnel.mirt.net/pipermail/stunnel-announce/2008-May/000034.html http://www.securityfocus.com/bid/29285 http://www.securitytracker.com/id?1020049 http://www.vupen.com/english/advisories/2008/1568/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42526 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2003-0740 – Stunnel 3.24/4.00 - Daemon Hijacking
https://notcve.org/view.php?id=CVE-2003-0740
Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server. • https://www.exploit-db.com/exploits/91 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000736 http://marc.info/?l=bugtraq&m=106260760211958&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2003:108 http://www.redhat.com/support/errata/RHSA-2003-297.html https://access.redhat.com/security/cve/CVE-2003-0740 https://bugzilla.redhat.com/show_bug.cgi?id=1617077 •
CVE-2002-1563
https://notcve.org/view.php?id=CVE-2002-1563
stunnel 4.0.3 and earlier allows attackers to cause a denial of service (crash) via SIGCHLD signal handler race conditions that cause an inconsistency in the child counter. stunnerl 4.04 permite a atacantes causar una denegación de servicio (caída) debida a condiciones de carrera en el manejador de la señal SIGCHLD que causa una inconsistencia en el contador de hijos. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000736 http://marc.info/?l=bugtraq&m=104247606910598 http://marc.info/?l=bugtraq&m=106029168514511&w=2 http://marc.info/?l=stunnel-users&m=103600188215117&w=2 http://www.linuxsecurity.com/advisories/engarde_advisory-3535.html http://www.redhat.com/support/errata/RHSA-2003-221.html http://www.redhat.com/support/errata/RHSA-2003-223.html http://www.securityfocus.com/bid/6592 https://access.redhat.com/security/cve& •
CVE-2003-0147
https://notcve.org/view.php?id=CVE-2003-0147
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). • ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625 http://marc.info/?l=bugtraq&m=104766550528628&w=2 http://marc.info/?l=bugtraq&m=104792570615648&w=2 http://marc.info/?l=bugtraq&m=104819602408063&w=2 •
CVE-2002-0002 – STunnel 3.x - Client Negotiation Protocol Format String
https://notcve.org/view.php?id=CVE-2002-0002
Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code. Vulnerabilidad en el formateado de cadenas en stunnel anterior a la 3.22 cuando se usa en modo cliente para smtp, pop o nntp permite que servidores remotos maliciosos ejecuten código arbitrario. • https://www.exploit-db.com/exploits/21192 http://marc.info/?l=stunnel-users&m=100869449828705&w=2 http://online.securityfocus.com/archive/1/247427 http://online.securityfocus.com/archive/1/248149 http://stunnel.mirt.net/news.html http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-004.php3 http://www.redhat.com/support/errata/RHSA-2002-002.html http://www.securityfocus.com/bid/3748 https://exchange.xforce.ibmcloud.com/vulnerabilities/7741 •