Vulnerability Name: CVE-2011-2940 (CCN-69318)

Assigned: 2011-08-18
Published: 2011-08-18
Updated: 2017-08-29
Summary: stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2011-2940

Source: CCN
Type: SA45705
Stunnel Unspecified Heap Corruption Vulnerability

Source: SECUNIA
Type: Vendor Advisory
45705

Source: SECTRACK
Type: UNKNOWN
1025959

Source: CONFIRM
Type: UNKNOWN
http://stunnel.org/?page=sdf_ChangeLog

Source: MLIST
Type: UNKNOWN
[oss-security] 20110819 Re: CVE request: stunnel 4.4x heap overflow flaw

Source: MLIST
Type: UNKNOWN
[oss-security] 20110819 CVE request: stunnel 4.4x heap overflow flaw

Source: OSVDB
Type: UNKNOWN
74600

Source: CCN
Type: OSVDB ID: 74600
Stunnel Unspecified Memory Corruption

Source: BID
Type: UNKNOWN
49254

Source: CCN
Type: BID-49254
Stunnel Unspecified Memory Corruption Vulnerability

Source: CCN
Type: stunnel Web site
Download stunnel

Source: CCN
Type: stunnel Mailing List, Thu Aug 18 20:39:45 CEST 2011
stunnel 4.42 released

Source: MLIST
Type: UNKNOWN
[stunnel-announce] 20110818 stunnel 4.42 released

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=732068

Source: XF
Type: UNKNOWN
stunnel-unspecifed-code-execution(69318)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:stunnel:stunnel:4.40:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:4.41:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:stunnel:stunnel:4.40:*:*:*:*:*:*:*
  • OR cpe:/a:stunnel:stunnel:4.41:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20112940 | V | CVE-2011-2940 | 2022-06-30
oval:org.opensuse.security:def:1074 | P | Security update for MozillaFirefox (Important) | 2022-06-02
oval:org.opensuse.security:def:1596 | P | Security update for the Linux Kernel (Important) | 2022-05-16
oval:org.opensuse.security:def:1541 | P | Security update for MozillaThunderbird (Important) | 2022-03-21
oval:org.opensuse.security:def:113466 | P | stunnel-5.38-1.1 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:68096 | P | Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP1) (Important) | 2021-12-14
oval:org.opensuse.security:def:106863 | P | stunnel-5.38-1.1 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:90076 | P | stunnel-5.44-1.29 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:2152 | P | stunnel-5.44-1.29 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:97041 | P | stunnel-5.44-1.29 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:103731 | P | stunnel-5.44-1.29 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:71336 | P | libxkbcommon-devel-0.8.2-3.3.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:63241 | P | stunnel-5.44-1.29 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:64749 | P | Security update for systemd (Moderate) | 2021-08-23
oval:org.opensuse.security:def:48056 | P | kdump-0.8.16-9.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47555 | P | apache2-mod_jk-1.2.40-5.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48296 | P | rrdtool-1.4.7-21.3.27 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47869 | P | python-pywbem-0.7.0-4.3 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47595 | P | dosfstools-3.0.26-6.5 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48093 | P | libapr1-1.5.1-4.5.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47610 | P | freeradius-server-3.0.15-2.8.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47924 | P | xinetd-2.3.15-8.8.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47541 | P | yast2-users-3.2.11-1.47 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48148 | P | libmms0-0.6.2-15.8 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47676 | P | libXfont1-1.5.1-11.3.12 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48001 | P | emacs-24.3-25.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47596 | P | dovecot22-2.2.31-19.11.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48241 | P | minicom-2.7-3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47731 | P | libkpathsea6-6.2.0dev-22.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47540 | P | yast2-core-3.2.2-1.29 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:1019 | P | kernel-firmware-20210208-2.4 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:67996 | P | Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP1) (Important) | 2021-06-18
oval:org.opensuse.security:def:48539 | P | libpoppler44-0.24.4-12.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48666 | P | cyrus-sasl-digestmd5-32bit-2.1.26-7.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48768 | P | dia-0.97.3-15.63 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48594 | P | perl-5.18.2-11.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48721 | P | gd-32bit-2.1.0-5.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48455 | P | krb5-appl-clients-1.0.3-1.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48823 | P | argyllcms-1.6.3-3.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48601 | P | pigz-2.3-5.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48697 | P | libuuid-devel-2.25-6.69 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48510 | P | libjavascriptcoregtk-4_0-18-2.12.5-1.12 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48656 | P | xscreensaver-5.22-7.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48752 | P | libzmq3-4.0.4-13.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:64662 | P | Security update for wpa_supplicant (Important) | 2021-03-08
oval:org.opensuse.security:def:2097 | P | stunnel-5.44-1.29 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63186 | P | stunnel-5.44-1.29 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:71449 | P | btrfsmaintenance-0.4.2-1.11 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:49982 | P | stunnel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50037 | P | stunnel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49928 | P | python2-requests on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49983 | P | subversion-server on GA media (Moderate) | 2020-12-01