Stunnel, a program designed to work as an universal SSL tunnel for network daemons, is prone to a buffer overflow vulnerability when using the Microsoft NT LAN Manager authentication together with the "connect" protocol method . With these prerequisites and using stunnel4 in SSL client mode on a 64bit host, an attacker could possibly execute arbitrary code with the privileges of the stunnel process, if the attacker can either control the specified proxy server or perform man-in-the-middle attacks on the tcp session between stunnel and the proxy sever. Note that for the testing distribution and the unstable distribution , stunnel4 is compiled with stack smashing protection enabled, which should help protect against arbitrary code execution.