CVE-2002-0002

Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://stunnel.mirt.net/news.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2002-002.html	Patch Vendor Advisory
http://online.securityfocus.com/archive/1/247427
http://online.securityfocus.com/archive/1/248149
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-004.php3
http://www.securityfocus.com/bid/3748
http://marc.info/?l=stunnel-users&m=100869449828705&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/7741

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:stunnel:stunnel:3.14:::::::*
	cpe:2.3:a:stunnel:stunnel:3.15:::::::*
	cpe:2.3:a:stunnel:stunnel:3.16:::::::*
	cpe:2.3:a:stunnel:stunnel:3.21b:::::::*
	cpe:2.3:a:stunnel:stunnel:3.21c:::::::*
	cpe:2.3:a:stunnel:stunnel:3.9:::::::*
	cpe:2.3:a:stunnel:stunnel:3.12:::::::*
	cpe:2.3:a:stunnel:stunnel:3.13:::::::*
	cpe:2.3:a:stunnel:stunnel:3.21:::::::*
	cpe:2.3:a:stunnel:stunnel:3.21a:::::::*
	cpe:2.3:a:stunnel:stunnel:3.7:::::::*
	cpe:2.3:a:stunnel:stunnel:3.3:::::::*
	cpe:2.3:a:stunnel:stunnel:3.4a:::::::*
	cpe:2.3:a:stunnel:stunnel:3.22:::::::*
	cpe:2.3:a:stunnel:stunnel:3.18:::::::*
	cpe:2.3:a:stunnel:stunnel:3.20:::::::*
	cpe:2.3:a:stunnel:stunnel:3.24:::::::*
	cpe:2.3:a:stunnel:stunnel:3.11:::::::*
	cpe:2.3:a:stunnel:stunnel:3.8:::::::*
	cpe:2.3:a:stunnel:stunnel:3.17:::::::*
	cpe:2.3:a:stunnel:stunnel:3.10:::::::*
	cpe:2.3:a:stunnel:stunnel:3.19:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:engardelinux:secure_linux:1.0.1:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:::::::*
	cpe:2.3:o:redhat:linux:7.2:::::::*

Information

Published : 2002-01-30 21:00

Updated : 2017-10-09 18:30

NVD link : CVE-2002-0002

Mitre link : CVE-2002-0002

JSON object : View

CWE

NVD-CWE-Other

Products Affected

mandrakesoft

mandrake_linux

redhat

linux

stunnel

stunnel

engardelinux

secure_linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://stunnel.mirt.net/news.html", "name": "http://stunnel.mirt.net/news.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-002.html", "name": "RHSA-2002:002", "tags": ["Patch", "Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://online.securityfocus.com/archive/1/247427", "name": "20011227 Stunnel: Format String Bug in versions <3.22", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://online.securityfocus.com/archive/1/248149", "name": "20020102 Stunnel: Format String Bug update", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-004.php3", "name": "MDKSA-2002:004", "tags": [], "refsource": "MANDRAKE"}, {"url": "http://www.securityfocus.com/bid/3748", "name": "3748", "tags": [], "refsource": "BID"}, {"url": "http://marc.info/?l=stunnel-users&m=100869449828705&w=2", "name": "http://marc.info/?l=stunnel-users&m=100869449828705&w=2", "tags": [], "refsource": "MISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7741", "name": "stunnel-client-format-string(7741)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-0002", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2002-01-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.21b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.21c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.21a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.4a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:engardelinux:secure_linux:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-10T01:30Z"}

7.5 /10