CVE-2002-0002

Description

Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.

Affected products

• engardelinux / secure_linux1.0.1 – 1.0.1
• mandrakesoft / mandrake_linux8.1 – 8.1
• RedHat / linux7.2 – 7.2
• stunnel / stunnel3.8 – 3.8
• stunnel / stunnel3.9 – 3.9
• stunnel / stunnel3.10 – 3.10
• stunnel / stunnel3.11 – 3.11
• stunnel / stunnel3.12 – 3.12
• stunnel / stunnel3.13 – 3.13
• stunnel / stunnel3.14 – 3.14
• stunnel / stunnel3.15 – 3.15
• stunnel / stunnel3.16 – 3.16
• stunnel / stunnel3.3 – 3.3
• stunnel / stunnel3.18 – 3.18
• stunnel / stunnel3.19 – 3.19
• stunnel / stunnel3.20 – 3.20
• stunnel / stunnel3.21 – 3.21
• stunnel / stunnel3.21a – 3.21a
• stunnel / stunnel3.21b – 3.21b
• stunnel / stunnel3.21c – 3.21c
• stunnel / stunnel3.22 – 3.22
• stunnel / stunnel3.24 – 3.24
• stunnel / stunnel3.17 – 3.17
• stunnel / stunnel3.4a – 3.4a
• stunnel / stunnel3.7 – 3.7

References

• MAILING_LISThttp://marc.info/?l=stunnel-users&m=100869449828705&w=2
• MISChttp://www.securityfocus.com/bid/3748
• MISChttp://www.linux-mandrake.com/en/security/2002/MDKSA-2002-004.php3
• MISChttp://online.securityfocus.com/archive/1/248149
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/7741
• MISChttp://stunnel.mirt.net/news.html
• MISChttp://www.redhat.com/support/errata/RHSA-2002-002.html
• MISChttp://online.securityfocus.com/archive/1/247427