PT-2013-1193 · Stunnel+3 · Stunnel+3

Mateusz Kocielski

Published

2013-03-08

Updated

2024-06-15

CVE-2013-1762

CVSS v2.0

6.6

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions stunnel versions 4.21 through 4.54 stunnel version 4.29

Description The issue arises when the CONNECT protocol negotiation and NTLM authentication are enabled in stunnel, leading to incorrect integer conversion. This allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow. Exploitation of this issue can lead to a violation of confidentiality, integrity, and availability of protected information and can be carried out remotely.

Recommendations For stunnel versions 4.21 through 4.54, update to a version later than 4.54 to resolve the issue. For stunnel version 4.29, update to a version later than 4.29 to resolve the issue. As a temporary workaround, consider disabling NTLM authentication and CONNECT protocol negotiation until a patch is available. Restrict access to the stunnel service to minimize the risk of exploitation.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

BDU:2015-07603

BDU:2015-07604

BDU:2015-08992

BDU:2015-08993

BDU:2015-09731

CESA-2013_0714

CVE-2013-1762

DSA-2664-1

OPENSUSE-SU-2024:10289-1

RHSA-2013:0714

RHSA-2013_0714

SUSE-SU-2013_0709-1

Affected Products

Centos

Red Hat

Suse

Stunnel

PT-2013-1193 · Stunnel+3 · Stunnel+3

CVE-2013-1762

Weakness Enumeration

Related Identifiers

Affected Products

References · 36