Remote / Network Access,
Local / Remote,
Loss of Integrity
proxytunnel contains a flaw that may allow a malicious proxy server to perform format string attacks. The issue is due to improper use of syslog() by the messages.c message() function. It is possible that the flaw may allow remote arbitrary code execution resulting in a loss of integrity.
Upgrade to version 1.2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.