CVE-2013-1762
Published 2013-03-08
Priority P3 · 38 · medium · 6.6 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:C
EPSS: 2.93% (85.4th percentile)
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.
Affected
35 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | stunnel4 | < stunnel4 3:4.53-1.1 (bookworm) | stunnel4 3:4.53-1.1 (bookworm) |
| stunnel | stunnel | <= 4.54 | — |
| stunnel | stunnel | — | — |
CVSS provenance
nvd · v2.0 · 6.6 MEDIUM · AV:N/AC:H/Au:N/C:P/I:P/A:C
osv · 6.6 MEDIUM
vendor_debian · 6.6 MEDIUM
vendor_redhat · 6.6 MEDIUM
Red Hat
Stunnel: buffer overflow vulnerability due to incorrect integer conversion in the NTLM authentication of the CONNECT protocol negotiation
vendor_redhat·2013-03-03·CVSS 6.6
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.
Statement: This issue did not affect the version of the stunnel package as shipped with Red Hat Enterprise Linux 5.
Package: stunnel (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2013-1762: stunnel4 - stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentica...
vendor_debian·2013·CVSS 6.6
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.
Scope: local
bookworm: resolved (fixed in 3:4.53-1.1)
bullseye: resolved (fixed in 3:4.53-1.1)
forky: resolved (fixed in 3:4.53-1.1)
sid: resolved (fixed in 3:4.53-1.1)
trixie: resolved (fixed in 3:4.53-1.1)
GHSA
GHSA-997q-cp6v-cm6w: stunnel 4
ghsa_unreviewed·2022-05-17
CVE-2013-1762 [MEDIUM] CWE-94 GHSA-997q-cp6v-cm6w: stunnel 4
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.
OSV
CVE-2013-1762: stunnel 4
osv·2013-03-08·CVSS 6.6
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-4452 JBoss ON: World readable configuration files expose sensitive data
bugzilla·2013-10-22·CVSS 2.1
It was identified that the JBoss Operation Network configuration files, for both the server and the agent, were world readable by default. A malicious local user can read sensitive information regarding the installation, which includes various credentials.
Discussion:
Acknowledgements:
This issue was discovered by Larry O'Leary of the Red Hat Middleware Support Engineering Group.
---
This issue has been addressed in following products:
JBoss Operations Network 3.1.2
Via RHSA-2013:1762 https://rhn.redhat.com/errata/RHSA-2013-1762.html
Bugzilla
CVE-2013-1762 Stunnel: buffer overflow vulnerability due to incorrect integer conversion in the NTLM authentication of the CONNECT protocol negotiation
bugzilla·2013-03-04·CVSS 6.6
Michal Trojnara reports:
A buffer overflow vulnerability due to incorrect integer conversion in the NTLM authentication of the CONNECT protocol negotiation
Exploitability
The vulnerability is exploitable under the following conditions:
- Stunnel versions 4.21 until 4.54.
- Stunnel compiled as a 64-bit executable. Any 32-bit builds, including pre-compiled Win32 binaries, are not vulnerable.
- Service configured in SSL client mode ("client = yes").
- CONNECT protocol negotiation enabled ("protocol = connect").
- NTLM authentication enabled ("protocolAuthentication = NTLM").
- The attacker able either to control the proxy server specified as a pa
References:
http://rhn.redhat.com/errata/RHSA-2013-0714.html
http://www.debian.org/security/2013/dsa-2664
http://www.mandriva.com/security/advisories?name=MDVSA-2013:130
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0097
https://www.stunnel.org/CVE-2013-1762.html
2013-03-08
Published
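The exploitability conditions quoted in the Bugzilla entry above map directly onto stunnel.conf options, so a deployment can be audited for them. The script below is an added example, not code from the advisory or from the stunnel project; the function names, the sample configuration and its host names are constructed, and it assumes that option names and values are matched case-insensitively and that options placed before the first [section] act as defaults for every service.

```python
import re

# Constructed sample stunnel.conf for the example (not taken from the advisory).
SAMPLE_CONF = """\
client = yes

[proxy-ntlm]
accept = 127.0.0.1:8080
connect = proxy.example.internal:3128
protocol = connect
protocolAuthentication = NTLM

[proxy-basic]
accept = 127.0.0.1:8081
connect = proxy.example.internal:3128
protocol = connect
protocolAuthentication = basic

[server-side]
client = no
accept = 443
connect = 127.0.0.1:80
"""

def parse_services(text):
    """Return {service: {option: value}}, lower-cased (assumption: case-insensitive)."""
    defaults, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # skip blanks and comments
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:                                    # new service inherits global defaults
            current = services.setdefault(m.group(1), dict(defaults))
            continue
        key, sep, value = line.partition("=")
        if sep:
            target = defaults if current is None else current
            target[key.strip().lower()] = value.strip().lower()
    return services

def exposed_services(conf_text, version, is_64bit):
    """Services meeting every listed condition; version is upstream 'major.minor'."""
    major, minor = (int(p) for p in version.split(".")[:2])
    if not is_64bit or not (4, 21) <= (major, minor) <= (4, 54):
        return []
    return [name for name, o in parse_services(conf_text).items()
            if o.get("client") == "yes" and o.get("protocol") == "connect"
            and o.get("protocolauthentication") == "ntlm"]
```

The version test uses the upstream version number only, so a distribution package carrying a backported fix (for example Debian's 3:4.53-1.1 listed above) will still be flagged and needs to be checked against the vendor's fixed version.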