vendor:
Stunnel
by:
Steve Grubb
7.5
CVSS
HIGH
Privilege Escalation
269
CWE
Product Name: Stunnel
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Unknown
Unknown
Stunnel Privilege Escalation
The exploit technique involves forking so that stunnel cannot find the attacker when it dies. Then sending stunnel a SIGUSR2 signal, which generally kills programs. Since the attacker is a child of stunnel, the OS will deliver the signal. Finally, the attacker selects on the leaked descriptor and starts serving pages.
Mitigation:
Update Stunnel to the latest version that addresses this vulnerability.