Mandrake Linux Security Advisory : stunnel (MDKSA-2002:004)
High Nessus Plugin ID 13912
Synopsis
The remote Mandrake Linux host is missing a security update.

Description
All versions of stunnel from 3.15 to 3.21c are vulnerable to format string bugs in the functions that implement SMTP, POP, and NNTP client negotiations. When stunnel is run with the '-n service' option and the '-c' client mode option, a malicious server could use the format string vulnerability to run arbitrary code as the owner of the current stunnel process. Version 3.22 is not vulnerable to this bug.

Solution
Update the affected stunnel package.