stunnel < 4.23 Local Privilege Escalation

Medium severity. Nessus Plugin ID 32394

Synopsis

A remote Windows host contains a program that is affected by a local privilege escalation vulnerability.

Description

The remote host is running stunnel, an application for encrypting arbitrary network connections with SSL.

The version of stunnel installed on the remote host, when running as a service, allows a local user to gain LocalSystem privileges due to an unspecified error.

Solution

Upgrade to stunnel version 4.23 or later.

See Also

http://www.stunnel.org/news/

http://www.nessus.org/u?1def20e3

Plugin Details

Severity: Medium

ID: 32394

File Name: stunnel_4_23.nasl

Version: 1.13

Type: local

Agent: windows

Family: Windows

Published: 5/20/2008

Updated: 7/30/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:stunnel:stunnel

Required KB Items: installed_sw/stunnel

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-2400

BID: 29285

CWE: 264

Secunia: 30297