CVE-2003-0740 – Stunnel 3.24/4.00 - Daemon Hijacking
https://notcve.org/view.php?id=CVE-2003-0740
Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server. • https://www.exploit-db.com/exploits/91 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000736 http://marc.info/?l=bugtraq&m=106260760211958&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2003:108 http://www.redhat.com/support/errata/RHSA-2003-297.html https://access.redhat.com/security/cve/CVE-2003-0740 https://bugzilla.redhat.com/show_bug.cgi?id=1617077 •
CVE-2002-0002 – STunnel 3.x - Client Negotiation Protocol Format String
https://notcve.org/view.php?id=CVE-2002-0002
Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code. Vulnerabilidad en el formateado de cadenas en stunnel anterior a la 3.22 cuando se usa en modo cliente para smtp, pop o nntp permite que servidores remotos maliciosos ejecuten código arbitrario. • https://www.exploit-db.com/exploits/21192 http://marc.info/?l=stunnel-users&m=100869449828705&w=2 http://online.securityfocus.com/archive/1/247427 http://online.securityfocus.com/archive/1/248149 http://stunnel.mirt.net/news.html http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-004.php3 http://www.redhat.com/support/errata/RHSA-2002-002.html http://www.securityfocus.com/bid/3748 https://exchange.xforce.ibmcloud.com/vulnerabilities/7741 •
CVE-2001-0060
https://notcve.org/view.php?id=CVE-2001-0060
Format string vulnerability in stunnel 3.8 and earlier allows attackers to execute arbitrary commands via a malformed ident username. • http://archives.neohapsis.com/archives/bugtraq/2000-12/0337.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000363 http://www.debian.org/security/2001/dsa-009 http://www.redhat.com/support/errata/RHSA-2000-129.html http://www.securityfocus.com/archive/1/151719 http://www.securityfocus.com/bid/2128 https://exchange.xforce.ibmcloud.com/vulnerabilities/5807 •