
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
stunnel
engardelinux
mandrakesoft
redhat
nessus
exploit available

Summary

Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.

Exploit-Db

description: STunnel 3.x Client Negotiation Protocol Format String Vulnerability. CVE-2002-0002. Remote exploit for linux platform
id: EDB-ID:21192
last seen: 2016-02-02
modified: 2001-12-22
published: 2001-12-22
reporter: deltha
source: https://www.exploit-db.com/download/21192/
title: STunnel 3.x Client Negotiation Protocol Format String Vulnerability

Nessus

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2002-004.NASL
description: All versions of stunnel from 3.15 to 3.21c are vulnerable to format string bugs in the functions which implement smtp, pop, and nntp client negotiations. Using stunnel with the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 13912
published: 2004-07-31
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/13912
title: Mandrake Linux Security Advisory : stunnel (MDKSA-2002:004)
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2002:004. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

# Plugin registration: when Nessus loads the script with `description`
# set, only the metadata below is recorded and the script exits, so the
# package check further down never runs in this mode.
if (description)
{
  script_id(13912);
  script_version ("1.20");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  # The CVE and the vendor advisory this check covers.
  script_cve_id("CVE-2002-0002");
  script_xref(name:"MDKSA", value:"2002:004");

  script_name(english:"Mandrake Linux Security Advisory : stunnel (MDKSA-2002:004)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Mandrake Linux host is missing a security update."
  );
  # Advisory text reproduced verbatim (see the file header); the "sting"
  # typo is the advisory's own wording and is left untouched.
  script_set_attribute(
    attribute:"description", 
    value:
"All versions of stunnel from 3.15 to 3.21c are vulnerable to format
string bugs in the functions which implement smtp, pop, and nntp
client negotiations. Using stunnel with the '-n service' option and
the '-c' client mode option, a malicious server could use the format
sting vulnerability to run arbitrary code as the owner of the current
stunnel process. Version 3.22 is not vulnerable to this bug."
  );
  # stunnel-users mailing-list archive references cited by the advisory.
  # http://marc.theaimsgroup.com/?l=stunnel-users&m=100868569203440
  script_set_attribute(
    attribute:"see_also",
    value:"http://marc.info/?l=stunnel-users&m=100868569203440"
  );
  # http://marc.theaimsgroup.com/?l=stunnel-users&m=100913948312986
  script_set_attribute(
    attribute:"see_also",
    value:"https://marc.info/?l=stunnel-users&m=100913948312986"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected stunnel package."
  );
  # CVSSv2 vector: remote, low complexity, no authentication, partial
  # C/I/A impact (base score 7.5).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  # Local (credentialed) check: it consults the host's rpm list rather
  # than probing the stunnel service over the network.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:stunnel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/01/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  # Knowledge-base keys the check part reads; presumably populated by
  # ssh_get_info.nasl, which is why it is declared as a dependency.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


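# Check part: refuse to run unless local checks produced a Mandrake
# release and rpm list; each audit() call exits with the matching reason.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# OS name spelled consistently with the architecture audit below.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86 architectures are covered by the package reference below.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

# rpm_check is expected to flag an installed stunnel older than the
# referenced 3.22-1.1mdk build (3.22 being the first fixed release
# named in the advisory) — confirm the comparison rule against rpm.inc.
flag = 0;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"stunnel-3.22-1.1mdk", yank:"mdk")) flag++;

if (flag)
{
  # Include the per-package detail only when the scan verbosity allows it.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");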

Redhat

advisories
rhsa
id: RHSA-2002:002