CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
99.9%
The version of stunnel installed on the remote host is prior to version 5.01. It is, therefore, affected by an information disclosure vulnerability in the bundled OpenSSL DLLs. A remote attacker can read the contents of up to 64KB of server memory, potentially exposing passwords, private keys, and other sensitive data.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(73500);
script_version("1.17");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");
script_cve_id("CVE-2014-0160");
script_bugtraq_id(66690);
script_xref(name:"CERT", value:"720951");
script_xref(name:"EDB-ID", value:"32745");
script_xref(name:"EDB-ID", value:"32764");
script_xref(name:"EDB-ID", value:"32791");
script_xref(name:"EDB-ID", value:"32998");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/25");
script_name(english:"stunnel < 5.01 OpenSSL Heartbeat Information Disclosure (Heartbleed)");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a program that is affected by an
information disclosure vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of stunnel installed on the remote host is prior to
version 5.01. It is, therefore, affected by an information disclosure
vulnerability in the bundled OpenSSL DLLs. A remote attacker can read
the contents of up to 64KB of server memory, potentially exposing
passwords, private keys, and other sensitive data.
Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
script_set_attribute(attribute:"see_also", value:"https://www.stunnel.org/?page=sdf_ChangeLog");
# https://www.stunnel.org/pipermail/stunnel-announce/2014-April/000075.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?52a6ced6");
script_set_attribute(attribute:"see_also", value:"http://www.heartbleed.com");
script_set_attribute(attribute:"see_also", value:"https://eprint.iacr.org/2014/140");
script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/vulnerabilities.html#2014-0160");
script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20140407.txt");
script_set_attribute(attribute:"solution", value:
"Upgrade to stunnel version 5.01 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0160");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/24");
script_set_attribute(attribute:"patch_publication_date", value:"2014/04/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:stunnel:stunnel");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("stunnel_installed.nasl");
script_require_keys("installed_sw/stunnel");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");
app = 'stunnel';
install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);
version = install["version"];
path = install["path"];
# Affected < 5.01
if (
version =~ "^[0-4]($|[^0-9])" ||
version =~ "^5\.00($|[^0-9])"
)
{
port = get_kb_item("SMB/transport");
if (!port) port = 445;
report =
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed version : 5.01\n';
security_report_v4(severity:SECURITY_WARNING, port:port, extra:report);
}
else audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
99.9%