 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.50781 |
| Categoría: | Mandrake Local Security Checks |
| Título: | Mandrake Security Advisory MDKSA-2002:004 (stunnel) |
| Resumen: | NOSUMMARY |
| Descripción: | Description: The remote host is missing an update to stunnel announced via advisory MDKSA-2002:004. All versions of stunnel from 3.15 to 3.21c are vulnerable to format string bugs in the functions which implement smtp, pop, and nntp client negotiations. Using stunnel with the -n service option and the -c client mode option, a malicious server could use the format sting vulnerability to run arbitrary code as the owner of the current stunnel process. Version 3.22 is not vulnerable to this bug. Affected versions: 8.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:004 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0002 http://marc.theaimsgroup.com/?l=stunnel-users&m=100868569203440 http://marc.theaimsgroup.com/?l=stunnel-users&m=100913948312986 Risk factor : High CVSS Score: 7.5 |
| Referencia Cruzada: |
BugTraq ID: 3748 Common Vulnerability Exposure (CVE) ID: CVE-2002-0002 http://www.securityfocus.com/bid/3748 Bugtraq: 20011227 Stunnel: Format String Bug in versions <3.22 (Google Search) http://online.securityfocus.com/archive/1/247427 Bugtraq: 20020102 Stunnel: Format String Bug update (Google Search) http://online.securityfocus.com/archive/1/248149 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-004.php3 http://marc.info/?l=stunnel-users&m=100869449828705&w=2 http://www.redhat.com/support/errata/RHSA-2002-002.html XForce ISS Database: stunnel-client-format-string(7741) https://exchange.xforce.ibmcloud.com/vulnerabilities/7741 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |