
CVE-2003-0740

Published: 20/10/2003 Updated: 18/10/2016
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 465
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Stunnel 4.00, and 3.24 and previous versions, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.

Vulnerable Product

stunnel stunnel 3.10

stunnel stunnel 3.11

stunnel stunnel 3.18

stunnel stunnel 3.19

stunnel stunnel 3.3

stunnel stunnel 3.4a

stunnel stunnel 3.16

stunnel stunnel 3.17

stunnel stunnel 3.21c

stunnel stunnel 3.22

stunnel stunnel 3.24

stunnel stunnel 3.12

stunnel stunnel 3.13

stunnel stunnel 3.20

stunnel stunnel 3.21

stunnel stunnel 3.7

stunnel stunnel 3.8

stunnel stunnel 3.14

stunnel stunnel 3.15

stunnel stunnel 3.21a

stunnel stunnel 3.21b

stunnel stunnel 3.9

stunnel stunnel 4.0

Exploits

/* By Steve Grubb: The technique is simple
 *
 * 1) Fork so that stunnel can't find you when it dies
 * 2) Send stunnel a SIGUSR2. Unhandled signals generally
 *    kill programs. Since you are a child of stunnel, the OS
 *    will deliver the signal
 * 3) Select on the leaked descriptor and start serving pages
 *
 * At the end of this advisory is ...