> The versions listed in the original advisory were wrong. > Stunnel versions prior to 3.15 did not contain any smtp > client negotiation code, only server code which is not > vulnerable. The buggy smtp, pop, and nntp client code > wasn't added until version 3.15, not 3.3 as I originally > reported. > > Versions prior to 3.15 are not vulnerable. The misdiagnosis > was caused by an abundance of migranes, illness, and vomitting > in my household which is luckily starting to abate. The SuSE Linux distributions 7.2 and 7.3 as well as SLES7 have stunnel-3.14 (unpatched). It does have protocol-dependent code, but there are no format string bugs that are exploitable (only "unclean" lines like fdprintf(local, "220 Go ahead", line); ). You have to dig into it for a few minutes. The version statement does not hold. [...] > > Update Date: 2-Jan-2002 > Original Release Date: 22-Dec-2001 > > Package: stunnel > Versions: stunnel-3.15 => stunnel-3.21c > Problem type: format string bugs Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "You don't need eyes to see, | SuSE GmbH - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - -