Stunnel Local Arbitrary Command Execution Vulnerability

The stunnel program author, Michal Trojnara, has released a fixed version (3.9), which is available from:

stunnel may also be hotfixed.

See log.c, ~line 67:

- syslog(level, text);
+ syslog(level, "%s", text);
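
Review bot: the added line `syslog(level, "%s", text);` carries no comment saying why the constant format string is required, so a later cleanup could collapse it back to `syslog(level, text)`, which lets any `%` directives contained in `text` be interpreted by syslog. Suggest a one-line comment above the call stating that `text` must only ever be passed as an argument, and checking whether `text` is handed as the format argument to any other output call in log.c.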

Stunnel Stunnel 3.3

Stunnel Stunnel 3.4 a

Stunnel Stunnel 3.7

Stunnel Stunnel 3.8


Copyright 2010, SecurityFocus