Hi,
I attached an exploit for:

http://online.securityfocus.com/bid/3748/info/
bugtraq id 3748
object
class Input Validation Error
cve CVE-2002-0002

remote Yes
local No
published Dec 22, 2001
updated Jan 17, 2002
vulnerable Stunnel Stunnel 3.20
+ MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft Linux Mandrake 8.1 ia64
Stunnel Stunnel 3.15
Stunnel Stunnel 3.16
Stunnel Stunnel 3.17
Stunnel Stunnel 3.18
Stunnel Stunnel 3.19
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 ia64
Stunnel Stunnel 3.21 c
Stunnel Stunnel 3.21 b
Stunnel Stunnel 3.21 a
Stunnel Stunnel 3.21

not vulnerable Stunnel Stunnel 3.22

Credit:

This vulnerability was originally discovered by Matthias Lange
<ml (at) netuse (dot) de [email concealed]>, and announced via Bugtraq by Brian Hatch
<bugtraq (at) ifokr (dot) org [email concealed]> on December 27, 2001.

References:

Advisory: MDKSA-2002:004: stunnel
(Mandrake)
Advisory: RHSA-2002:002-10: Updated stunnel packages available.
(RedHat)
Message: Stunnel: Format String Bug in versions <3.22
Message: Stunnel: Format String Bug update

[ reply ]