CVE-2013-1762

Sažetak

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.

Reference

http://rhn.redhat.com/errata/RHSA-2013-0714.html
http://www.debian.org/security/2013/dsa-2664
http://www.mandriva.com/security/advisories?name=MDVSA-2013:130
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0097
https://www.stunnel.org/CVE-2013-1762.html

CVSS

Base:	6.6
Impact:	8.5
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	COMPLETE

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:P/A:C

Zadnje važnije ažuriranje

17-01-2014 - 05:13

Objavljeno

08-03-2013 - 18:55