Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.
2003-10-20T04:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 4.6 (MEDIUM)
AV:L/AC:L/Au:N/C:P/I:P/A:P
3.9
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | stunnel | stunnel | 3.3 | Yes |
| Application | stunnel | stunnel | 3.4a | Yes |
| Application | stunnel | stunnel | 3.7 | Yes |
| Application | stunnel | stunnel | 3.8 | Yes |
| Application | stunnel | stunnel | 3.9 | Yes |
| Application | stunnel | stunnel | 3.10 | Yes |
| Application | stunnel | stunnel | 3.11 | Yes |
| Application | stunnel | stunnel | 3.12 | Yes |
| Application | stunnel | stunnel | 3.13 | Yes |
| Application | stunnel | stunnel | 3.14 | Yes |
| Application | stunnel | stunnel | 3.15 | Yes |
| Application | stunnel | stunnel | 3.16 | Yes |
| Application | stunnel | stunnel | 3.17 | Yes |
| Application | stunnel | stunnel | 3.18 | Yes |
| Application | stunnel | stunnel | 3.19 | Yes |
| Application | stunnel | stunnel | 3.20 | Yes |
| Application | stunnel | stunnel | 3.21 | Yes |
| Application | stunnel | stunnel | 3.21a | Yes |
| Application | stunnel | stunnel | 3.21b | Yes |
| Application | stunnel | stunnel | 3.21c | Yes |
| Application | stunnel | stunnel | 3.22 | Yes |
| Application | stunnel | stunnel | 3.24 | Yes |
| Application | stunnel | stunnel | 4.0 | Yes |