This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing a security update.
All versions of stunnel from 3.15 to 3.21c are vulnerable to format
string bugs in the functions which implement smtp, pop, and nntp
client negotiations. Using stunnel with the '-n service' option and
the '-c' client mode option, a malicious server could use the format
sting vulnerability to run arbitrary code as the owner of the current
stunnel process. Version 3.22 is not vulnerable to this bug.
See also :
Update the affected stunnel package.
Risk factor :
High / CVSS Base Score : 7.5