stunnel < 4.23 Local Privilege Escalation

Medium Nessus Plugin ID 32394


A remote Windows host contains a program that is affected by a local privilege escalation vulnerability.


The remote host is running stunnel, an application for encrypting arbitrary network connections with SSL.

The version of stunnel installed on the remote host, when running as a service, allows a local user to gain LocalSystem privileges due to an unspecified error.


Upgrade to stunnel version 4.23 or later.

See Also

Plugin Details

Severity: Medium

ID: 32394

File Name: stunnel_4_23.nasl

Version: $Revision: 1.12 $

Type: local

Agent: windows

Family: Windows

Published: 2008/05/20

Modified: 2016/07/29

Dependencies: 65689, 10456

Risk Information

Risk Factor: Medium


Base Score: 6.9

Temporal Score: 6

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:stunnel:stunnel

Required KB Items: installed_sw/stunnel

Exploit Available: false

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-2400

BID: 29285

OSVDB: 45354

Secunia: 30297

CWE: 264