[23751] in bugtraq


Re: Stunnel: Format String Bug update

daemon@ATHENA.MIT.EDU (Roman Drahtmueller)
Tue Jan 8 12:50:31 2002

Date: Tue, 8 Jan 2002 16:52:34 +0100 (MET)
From: Roman Drahtmueller <draht@suse.de>
To: bugtraq@securityfocus.com
In-Reply-To: <20020103063853.GE26111@ifokr.org>
Message-ID: <Pine.LNX.4.43.0201081633150.11103-100000@dent.suse.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit

> The versions listed in the original advisory were wrong.
> Stunnel versions prior to 3.15 did not contain any smtp
> client negotiation code, only server code which is not
> vulnerable.  The buggy smtp, pop, and nntp client code
> wasn't added until version 3.15, not 3.3 as I originally
> reported.
>
> Versions prior to 3.15 are not vulnerable.  The misdiagnosis
> was caused by an abundance of migraines, illness, and vomiting
> in my household which is luckily starting to abate.

The SuSE Linux distributions 7.2 and 7.3 as well as SLES7 have
stunnel-3.14 (unpatched). It does have protocol-dependent code, but there
are no format string bugs that are exploitable (only "unclean" lines like
fdprintf(local, "220 Go ahead", line); ).

You have to dig into it for a few minutes. The version statement does not
hold.

[...]

>
> Update Date:           2-Jan-2002
> Original Release Date: 22-Dec-2001
>
> Package:               stunnel
> Versions:              stunnel-3.15 => stunnel-3.21c
> Problem type:          format string bugs


Roman.
-- 
 -                                                                      -
| Roman Drahtmüller      <draht@suse.de> // "You don't need eyes to see, |
  SuSE GmbH - Security           Phone: //             you need vision!"
| Nürnberg, Germany     +49-911-740530 //           Maxi Jazz, Faithless |
 -                                                                      -
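
The distinction Roman draws above, between an "unclean" call with a constant format and an unused extra argument (harmless) and a real format string bug where the client's line itself becomes the format, as an added C example. This is not stunnel's code; `format_reply` is a hypothetical stand-in for an fdprintf()-style helper that writes to a buffer instead of a socket, the function names `reply_unclean`, `reply_vulnerable` and `reply_safe` are assumptions, and the attacker line `"%x%x%x%n"` is constructed sample input. The bug-shaped function is only ever invoked with an inert line, because running it on attacker data is undefined behaviour.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for an fdprintf()-style helper (hypothetical name; writes to a
 * buffer instead of a socket so the example runs offline). */
static int format_reply(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Count printf conversion specifiers in fmt.  "%%" is a literal percent and
 * counts as nothing.  If has_n is non-NULL it is set to 1 when a "%n"
 * (write-to-memory) conversion is present. */
int count_conversions(const char *fmt, int *has_n)
{
    int count = 0;
    if (has_n)
        *has_n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                       /* "%%" */
        /* skip flags, field width, precision and length modifiers */
        while (*p && strchr("-+ #0123456789.*hlLqjzt", *p))
            p++;
        if (!*p)
            break;                          /* dangling '%' at end of string */
        count++;
        if (*p == 'n' && has_n)
            *has_n = 1;
    }
    return count;
}

/* Convenience wrapper: 1 if fmt contains a "%n" conversion. */
int format_has_n(const char *fmt)
{
    int has_n;
    count_conversions(fmt, &has_n);
    return has_n;
}

static char reply_buf[128];

/* The "unclean" shape: the format is a constant, the extra argument is
 * simply never consumed.  Sloppy, but not a format string bug: the client
 * line cannot influence the output at all. */
const char *reply_unclean(const char *line)
{
    format_reply(reply_buf, sizeof reply_buf, "220 Go ahead", line);
    return reply_buf;
}

/* The bug shape: the client-controlled line *is* the format.  Defined here
 * only to show the pattern; it is called below with an inert line, because
 * invoking it on attacker data is undefined behaviour. */
const char *reply_vulnerable(const char *line)
{
    format_reply(reply_buf, sizeof reply_buf, line);
    return reply_buf;
}

/* The fixed shape: the line is passed as an argument to a constant "%s". */
const char *reply_safe(const char *line)
{
    format_reply(reply_buf, sizeof reply_buf, "220 %s", line);
    return reply_buf;
}

int main(void)
{
    /* Constructed sample input: what a malicious peer might send. */
    const char *attacker = "%x%x%x%n";
    int has_n;
    int n = count_conversions(attacker, &has_n);
    printf("attacker line has %d conversions, %%n present: %d\n", n, has_n);

    printf("unclean   : %s\n", reply_unclean(attacker));   /* 220 Go ahead */
    printf("safe      : %s\n", reply_safe(attacker));      /* 220 %x%x%x%n */
    if (count_conversions(attacker, NULL) == 0)
        printf("vulnerable: %s\n", reply_vulnerable(attacker));
    else
        printf("vulnerable: refusing to use attacker data as a format\n");
    return 0;
}
```

The checker is only there to make the point visible: the real fix is never to let the peer's line reach the format parameter, which is what `reply_safe` does. Compiling with `-Wformat -Wformat-security` flags the `reply_vulnerable` shape at build time, which is the cheaper way to find it in a real tree.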