Re: Stunnel: Format String Bug update

[Roman Drahtmueller <draht@xxxxxxx>]

> The versions listed in the original advisory were wrong.
> Stunnel versions prior to 3.15 did not contain any smtp
> client negotiation code, only server code which is not
> vulnerable.  The buggy smtp, pop, and nntp client code
> wasn't added until version 3.15, not 3.3 as I originally
> reported.
>
> Versions prior to 3.15 are not vulnerable.  The misdiagnosis
> was caused by an abundance of migranes, illness, and vomitting
> in my household which is luckily starting to abate.

The SuSE Linux distributions 7.2 and 7.3 as well as SLES7 have
stunnel-3.14 (unpatched). It does have protocol-dependent code, but there
are no format string bugs that are exploitable (only "unclean" lines like
fdprintf(local, "220 Go ahead", line); ).

You have to dig into it for a few minutes. The version statement does not
hold.

[...]

>
> Update Date:           2-Jan-2002
> Original Release Date: 22-Dec-2001
>
> Package:               stunnel
> Versions:              stunnel-3.15 => stunnel-3.21c
> Problem type:          format string bugs


Roman.
-- 
 -                                                                      -
| Roman Drahtmüller      <draht@xxxxxxx> // "You don't need eyes to see, |
  SuSE GmbH - Security           Phone: //             you need vision!"
| Nürnberg, Germany     +49-911-740530 //           Maxi Jazz, Faithless |
 -                                                                      -