GLSA Advocate
Posted: Thu Sep 06, 2012 3:51 am
Post subject: [ GLSA 201208-01 ] socat: Arbitrary code execution
Gentoo Linux Security Advisory
Title: socat: Arbitrary code execution (GLSA 201208-01)
Severity: high
Exploitable: local, remote
Date: August 14, 2012
Bug(s): #415977
ID: 201208-01
Synopsis
A buffer overflow in socat might allow remote attackers to execute
arbitrary code.
Background
socat is a multipurpose bidirectional relay, similar to netcat.
Affected Packages
Package: net-misc/socat
Vulnerable: < 1.7.2.1
Unaffected: >= 1.7.2.1
Architectures: All supported architectures
Description
A vulnerability in the "xioscan_readline()" function in xio-readline.c
could cause a heap-based buffer overflow.
Impact
A remote attacker could possibly execute arbitrary code with the
privileges of the socat process.
Workaround
There is no known workaround at this time.
Resolution
All socat users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/socat-1.7.2.1"
References
CVE-2012-0219
Socat security advisory 3
Last edited by GLSA on Mon May 19, 2014 4:31 am; edited 2 times in total
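An added example, not part of the advisory or of Gentoo's tooling: a shell check that flags socat versions below the 1.7.2.1 threshold given under Affected Packages, including versions carrying a Gentoo "-r" revision suffix. The function names and the sample banner are constructed for illustration, and the "socat version X.Y.Z.W on <date>" banner line is an assumption about the output of socat -V.

```sh
#!/bin/sh
# Added example: flag socat versions covered by GLSA 201208-01 (< 1.7.2.1).
FIXED="1.7.2.1"   # first unaffected version, taken from the advisory

# Read `socat -V` output on stdin and print the dotted version.
# Assumption: the banner contains a line "socat version X.Y.Z.W on <date>".
socat_version_from_banner() {
    sed -n 's/^socat version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 if version $1 is strictly lower than $2, else 1.
# Fields are compared numerically; missing fields count as 0.
# A Gentoo revision suffix such as "-r1" is dropped first.
version_lt() {
    a=${1%%-*}; b=${2%%-*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1   # versions are equal
}

# Return 0 if affected, 1 if not affected, 2 if the version is unparseable.
socat_is_vulnerable() {
    case ${1%%-*} in
        ''|*[!0-9.]*) return 2 ;;
    esac
    version_lt "$1" "$FIXED"
}

# Constructed sample banner (not captured from a real host). On a live
# system, pipe `socat -V` into socat_version_from_banner instead.
sample='socat by Gerhard Rieger - see www.dest-unreach.org
socat version 1.7.2.0 on Jun  1 2012 10:00:00'
v=$(printf '%s\n' "$sample" | socat_version_from_banner)
if socat_is_vulnerable "$v"; then
    echo "socat $v: affected by GLSA 201208-01, upgrade to >= $FIXED"
else
    echo "socat $v: not affected (or version not recognised)"
fi
```

A binary built outside Portage will not show up in the package database, so checking the banner of each socat on the PATH covers copies that the emerge upgrade would miss.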