Vulnerability Details CVE-2003-0740
Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.7%
CVSS Severity
CVSS v2 Score 4.6
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000736
- http://marc.info/?l=bugtraq&m=106260760211958&w=2
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:108
- http://www.redhat.com/support/errata/RHSA-2003-297.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000736
- http://marc.info/?l=bugtraq&m=106260760211958&w=2
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:108
- http://www.redhat.com/support/errata/RHSA-2003-297.html
Products affected by CVE-2003-0740
-
cpe:2.3:a:stunnel:stunnel:3.10
-
cpe:2.3:a:stunnel:stunnel:3.11
-
cpe:2.3:a:stunnel:stunnel:3.12
-
cpe:2.3:a:stunnel:stunnel:3.13
-
cpe:2.3:a:stunnel:stunnel:3.14
-
cpe:2.3:a:stunnel:stunnel:3.15
-
cpe:2.3:a:stunnel:stunnel:3.16
-
cpe:2.3:a:stunnel:stunnel:3.17
-
cpe:2.3:a:stunnel:stunnel:3.18
-
cpe:2.3:a:stunnel:stunnel:3.19
-
cpe:2.3:a:stunnel:stunnel:3.20
-
cpe:2.3:a:stunnel:stunnel:3.21
-
cpe:2.3:a:stunnel:stunnel:3.21a
-
cpe:2.3:a:stunnel:stunnel:3.21b
-
cpe:2.3:a:stunnel:stunnel:3.21c
-
cpe:2.3:a:stunnel:stunnel:3.22
-
cpe:2.3:a:stunnel:stunnel:3.24
-
cpe:2.3:a:stunnel:stunnel:3.3
-
cpe:2.3:a:stunnel:stunnel:3.4a
-
cpe:2.3:a:stunnel:stunnel:3.7
-
cpe:2.3:a:stunnel:stunnel:3.8
-
cpe:2.3:a:stunnel:stunnel:3.9
-
cpe:2.3:a:stunnel:stunnel:4.0