CVE-2003-0740
Description
Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.
Risk Information
Base Score
5.9
MODERATE
Vector
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.116
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in stunnel 3.3 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.4a | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.7 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.8 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.10 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.11 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.12 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.13 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.14 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.15 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.16 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.17 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.18 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.19 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.20 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.21 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.21a | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.21b | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.21c | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.22 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.24 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.9 | Windows |
| Vulnerabilities CVE-2003-0147,CVE-2003-0740,CVE-2008-2400,CVE-2014-0016 are affected in stunnel 4.0 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234