CVE Vulnerabilities

CVE-2003-0740

Published: Oct 20, 2003 | Modified: Oct 18, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.

Affected Software

Name Vendor Start Version End Version
Stunnel Stunnel 3.3 3.3
Stunnel Stunnel 3.4a 3.4a
Stunnel Stunnel 3.7 3.7
Stunnel Stunnel 3.8 3.8
Stunnel Stunnel 3.9 3.9
Stunnel Stunnel 3.10 3.10
Stunnel Stunnel 3.11 3.11
Stunnel Stunnel 3.12 3.12
Stunnel Stunnel 3.13 3.13
Stunnel Stunnel 3.14 3.14
Stunnel Stunnel 3.15 3.15
Stunnel Stunnel 3.16 3.16
Stunnel Stunnel 3.17 3.17
Stunnel Stunnel 3.18 3.18
Stunnel Stunnel 3.19 3.19
Stunnel Stunnel 3.20 3.20
Stunnel Stunnel 3.21 3.21
Stunnel Stunnel 3.21a 3.21a
Stunnel Stunnel 3.21b 3.21b
Stunnel Stunnel 3.21c 3.21c
Stunnel Stunnel 3.22 3.22
Stunnel Stunnel 3.24 3.24
Stunnel Stunnel 4.0 4.0

References