DSA-2664-1 stunnel4 -- buffer overflowID: oval:org.secpod.oval:def:601010 | Date: (C)2013-05-02 (M)2022-10-10 |
Class: PATCH | Family: unix |
Stunnel, a program designed to work as an universal SSL tunnel for network daemons, is prone to a buffer overflow vulnerability when using the Microsoft NT LAN Manager authentication together with the "connect" protocol method . With these prerequisites and using stunnel4 in SSL client mode on a 64bit host, an attacker could possibly execute arbitrary code with the privileges of the stunnel process, if the attacker can either control the specified proxy server or perform man-in-the-middle attacks on the tcp session between stunnel and the proxy sever. Note that for the testing distribution and the unstable distribution , stunnel4 is compiled with stack smashing protection enabled, which should help protect against arbitrary code execution.