Vulnerabilities > CVE-2002-0002

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

nessus

exploit available

NVD

Published: 2002-01-31

Updated: 2017-10-10

Summary

Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
Application	Stunnel Stunnel Stunnel 3.3 Stunnel Stunnel 3.4A Stunnel Stunnel 3.7 Stunnel Stunnel 3.8 Stunnel Stunnel 3.9 Stunnel Stunnel 3.10 Stunnel Stunnel 3.11 Stunnel Stunnel 3.12 Stunnel Stunnel 3.13 Stunnel Stunnel 3.14 Stunnel Stunnel 3.15 Stunnel Stunnel 3.16 Stunnel Stunnel 3.17 Stunnel Stunnel 3.18 Stunnel Stunnel 3.19 Stunnel Stunnel 3.20 Stunnel Stunnel 3.21 Stunnel Stunnel 3.21A Stunnel Stunnel 3.21B Stunnel Stunnel 3.21C Stunnel Stunnel 3.22 Stunnel Stunnel 3.24	22
OS	Engardelinux Engardelinux Secure Linux 1.0.1	1
OS	Mandrakesoft Mandrakesoft Mandrake Linux 8.1	1
OS	Redhat Redhat Linux 7.2	1

Exploit-Db

description	STunnel 3.x Client Negotiation Protocol Format String Vulnerability. CVE-2002-0002. Remote exploit for linux platform
id	EDB-ID:21192
last seen	2016-02-02
modified	2001-12-22
published	2001-12-22
reporter	deltha
source	https://www.exploit-db.com/download/21192/
title	STunnel 3.x Client Negotiation Protocol Format String Vulnerability

Nessus

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2002-004.NASL
description	All versions of stunnel from 3.15 to 3.21c are vulnerable to format string bugs in the functions which implement smtp, pop, and nntp client negotiations. Using stunnel with the
last seen	2020-06-01
modified	2020-06-02
plugin id	13912
published	2004-07-31
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/13912
title	Mandrake Linux Security Advisory : stunnel (MDKSA-2002:004)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2002:004. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(13912); script_version ("1.20"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2002-0002"); script_xref(name:"MDKSA", value:"2002:004"); script_name(english:"Mandrake Linux Security Advisory : stunnel (MDKSA-2002:004)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "All versions of stunnel from 3.15 to 3.21c are vulnerable to format string bugs in the functions which implement smtp, pop, and nntp client negotiations. Using stunnel with the '-n service' option and the '-c' client mode option, a malicious server could use the format sting vulnerability to run arbitrary code as the owner of the current stunnel process. Version 3.22 is not vulnerable to this bug." ); # http://marc.theaimsgroup.com/?l=stunnel-users&m=100868569203440 script_set_attribute( attribute:"see_also", value:"http://marc.info/?l=stunnel-users&m=100868569203440" ); # http://marc.theaimsgroup.com/?l=stunnel-users&m=100913948312986 script_set_attribute( attribute:"see_also", value:"https://marc.info/?l=stunnel-users&m=100913948312986" ); script_set_attribute( attribute:"solution", value:"Update the affected stunnel package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:stunnel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1"); script_set_attribute(attribute:"patch_publication_date", value:"2002/01/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"stunnel-3.22-1.1mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

Redhat

advisories

rhsa

id	RHSA-2002:002

Vulnerabilities > CVE-2002-0002 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2002-0002"}]}

Summary

Vulnerable Configurations

Exploit-Db

Nessus

Redhat

References

Vulnerabilities > CVE-2002-0002