Lucene search

Veracode Vulnerability DatabaseVERACODE:10744

HistoryJan 15, 2019 - 8:51 a.m.

Remote Code Execution (RCE)

2019-01-1508:51:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:P/I:P/A:C

JSON

stunnel is vulnerable to remote code execution (RCE) attacks. The vulnerability exists as stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.

CPENameOperatorVersion
stunneleq4.29__2.el6

CPE	Name	Operator	Version
	stunnel	eq	4.29__2.el6

References

rhn.redhat.com/errata/RHSA-2013-0714.html

www.debian.org/security/2013/dsa-2664

www.mandriva.com/security/advisories?name=MDVSA-2013:130

access.redhat.com/security/updates/classification/#moderate

rhn.redhat.com/errata/RHSA-2013-0714.html

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0097

www.stunnel.org/CVE-2013-1762.html

6.6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:P/I:P/A:C

JSON

Related for VERACODE:10744