Vulnerability Name:

CVE-2002-0002 (CCN-7741)

Assigned:2001-12-22
Published:2001-12-22
Updated:2017-10-10
Summary:Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: BugTraq Mailing List, Thu Dec 27 2001 - 15:05:38 CST
Stunnel: Format String Bug in versions <3.22

Source: CCN
Type: BugTraq Mailing List, Thu Jan 03 2002 - 00:38:53 CST
Stunnel: Format String Bug update

Source: MITRE
Type: CNA
CVE-2002-0002

Source: MISC
Type: UNKNOWN
http://marc.info/?l=stunnel-users&m=100869449828705&w=2

Source: BUGTRAQ
Type: UNKNOWN
20011227 Stunnel: Format String Bug in versions <3.22

Source: BUGTRAQ
Type: UNKNOWN
20020102 Stunnel: Format String Bug update

Source: CCN
Type: RHSA-2002-002
Updated stunnel packages available.

Source: CONFIRM
Type: Vendor Advisory
http://stunnel.mirt.net/news.html

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2002:004

Source: CCN
Type: EnGarde Secure Linux Security Advisory ESA-20011227-01
'stunnel' format string vulnerability

Source: CCN
Type: OSVDB ID: 2012
Stunnel -n Option Client Negotiation Protocol Remote Format String

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2002:002

Source: BID
Type: UNKNOWN
3748

Source: CCN
Type: BID-3748
STunnel Client Negotiation Protocol Format String Vulnerability

Source: CCN
Type: Stunnel Web site
Download Stunnel

Source: XF
Type: UNKNOWN
stunnel-client-format-string(7741)

Source: XF
Type: UNKNOWN
stunnel-client-format-string(7741)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:stunnel:stunnel:3.3:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:3.4a:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:3.7:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:3.8:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:3.9:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:3.10:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:3.11:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:3.12:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:3.13:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:3.14:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:3.15:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:3.16:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:3.17:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:3.18:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:3.19:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:3.20:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:3.21:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:3.21a:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:3.21b:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:3.21c:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:3.22:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:3.24:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:engardelinux:secure_linux:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:stunnel:stunnel:*:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:engardelinux:secure_community:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    stunnel stunnel 3.3
    stunnel stunnel 3.4a
    stunnel stunnel 3.7
    stunnel stunnel 3.8
    stunnel stunnel 3.9
    stunnel stunnel 3.10
    stunnel stunnel 3.11
    stunnel stunnel 3.12
    stunnel stunnel 3.13
    stunnel stunnel 3.14
    stunnel stunnel 3.15
    stunnel stunnel 3.16
    stunnel stunnel 3.17
    stunnel stunnel 3.18
    stunnel stunnel 3.19
    stunnel stunnel 3.20
    stunnel stunnel 3.21
    stunnel stunnel 3.21a
    stunnel stunnel 3.21b
    stunnel stunnel 3.21c
    stunnel stunnel 3.22
    stunnel stunnel 3.24
    engardelinux secure linux 1.0.1
    mandrakesoft mandrake linux 8.1
    redhat linux 7.2
    stunnel stunnel *
    redhat linux 7
    engardelinux secure community 1.0.1
    redhat linux 7.1
    mandrakesoft mandrake linux 8.1
    redhat linux 7.2
    redhat linux 7.3
    mandrakesoft mandrake linux 8.1