Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Stunnel | Stunnel | 3.3 (including) | 3.3 (including) |
| Stunnel | Stunnel | 3.4a (including) | 3.4a (including) |
| Stunnel | Stunnel | 3.7 (including) | 3.7 (including) |
| Stunnel | Stunnel | 3.8 (including) | 3.8 (including) |
| Stunnel | Stunnel | 3.9 (including) | 3.9 (including) |
| Stunnel | Stunnel | 3.10 (including) | 3.10 (including) |
| Stunnel | Stunnel | 3.11 (including) | 3.11 (including) |
| Stunnel | Stunnel | 3.12 (including) | 3.12 (including) |
| Stunnel | Stunnel | 3.13 (including) | 3.13 (including) |
| Stunnel | Stunnel | 3.14 (including) | 3.14 (including) |
| Stunnel | Stunnel | 3.15 (including) | 3.15 (including) |
| Stunnel | Stunnel | 3.16 (including) | 3.16 (including) |
| Stunnel | Stunnel | 3.17 (including) | 3.17 (including) |
| Stunnel | Stunnel | 3.18 (including) | 3.18 (including) |
| Stunnel | Stunnel | 3.19 (including) | 3.19 (including) |
| Stunnel | Stunnel | 3.20 (including) | 3.20 (including) |
| Stunnel | Stunnel | 3.21 (including) | 3.21 (including) |
| Stunnel | Stunnel | 3.21a (including) | 3.21a (including) |
| Stunnel | Stunnel | 3.21b (including) | 3.21b (including) |
| Stunnel | Stunnel | 3.21c (including) | 3.21c (including) |
| Stunnel | Stunnel | 3.22 (including) | 3.22 (including) |
| Stunnel | Stunnel | 3.24 (including) | 3.24 (including) |
| Stunnel | Stunnel | 4.0 (including) | 4.0 (including) |
| Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
| Red Hat Enterprise Linux ES version 2.1 | RedHat | * | |
| Red Hat Enterprise Linux WS version 2.1 | RedHat | * | |
| Red Hat Linux 7.1 | RedHat | * | |
| Red Hat Linux 7.2 | RedHat | * | |
| Red Hat Linux 7.3 | RedHat | * | |
| Red Hat Linux 8.0 | RedHat | * | |
| Red Hat Linux Advanced Workstation 2.1 | RedHat | * |