Title

A buffer overflow vulnerability due to incorrect integer conversion in the NTLM authentication of the CONNECT protocol negotiation

Exploitability

The vulnerability is exploitable under the following conditions:

Impact

The vulnerability may be exploited for arbitrary code execution. The code is executed within the configured chroot directory, with privileges of the configured user and group.

CVSS v2 Score

CVSS v2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:C/E:P/RL:O/RC:C)

Recommendation

Upgrade to stunnel 4.55, or disable the NTLM authentication.

Credits

Timeline

Our supporters:
Go to the top