CVSS: 4.6EPSS: 0%CPEs: 23EXPL: 1CVE-2003-0740 – Stunnel 3.24/4.00 - Daemon Hijacking
https://notcve.org/view.php?id=CVE-2003-0740
Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server. • https://www.exploit-db.com/exploits/91 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000736 http://marc.info/?l=bugtraq&m=106260760211958&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2003:108 http://www.redhat.com/support/errata/RHSA-2003-297.html https://access.redhat.com/security/cve/CVE-2003-0740 https://bugzilla.redhat.com/show_bug.cgi?id=1617077 •
CVSS: 5.0EPSS: 0%CPEs: 35EXPL: 0CVE-2003-0147
https://notcve.org/view.php?id=CVE-2003-0147
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). • ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625 http://marc.info/?l=bugtraq&m=104766550528628&w=2 http://marc.info/?l=bugtraq&m=104792570615648&w=2 http://marc.info/?l=bugtraq&m=104819602408063&w=2 •