CVE-2001-0060

Severity

99%

Complexity

99%

Confidentiality

165%

Format string vulnerability in stunnel 3.8 and earlier allows attackers to execute arbitrary commands via a malformed ident username.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

Stunnel

First reported 24 years ago

2001-02-12 05:00:00

Last updated 6 years ago

2018-05-03 01:29:00

Affected Software

Stunnel 3.3

3.3

Stunnel 3.4a

3.4a

Stunnel 3.7

3.7

Stunnel 3.8

3.8

References

20001209 Trustix Security Advisory - stunnel

Patch, Vendor Advisory

CLA-2000:363

DSA-009

RHSA-2000:129

20001218 Stunnel format bug

Patch, Vendor Advisory

2128

Patch, Vendor Advisory

stunnel-format-logfile(5807)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.

CVE-2001-0060

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

Type

First reported 24 years ago

Last updated 6 years ago

Affected Software

Stunnel 3.3

Stunnel 3.4a

Stunnel 3.7

Stunnel 3.8

References

20001209 Trustix Security Advisory - stunnel

CLA-2000:363

DSA-009

RHSA-2000:129

20001218 Stunnel format bug

2128

stunnel-format-logfile(5807)

Stay updated

Get in touch