Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4C56CCF1.4050700@redhat.com>
Date: Mon, 02 Aug 2010 15:49:37 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
CC: oss-security <oss-security@...ts.openwall.com>
Subject: CVE Request -- Socat -- Stack overflow by lexical scanning of nested
 character patterns

Hi Steve, vendors,

   Socat upstream, released an advisory:
   [1] http://www.dest-unreach.org/socat/contrib/socat-secadv2.html

describing a stack overflow flaw, present in Socat bidirectional data relay, when
processing command line arguments (address specifications, host names, file names),
longer than 512 bytes. An attacker, able to to inject data into sockat's command line
(potentially remotely via CGI script invocation), could use this flaw to execute
arbitrary code with the privileges of the socat process.

References:
   [2] http://bugs.gentoo.org/show_bug.cgi?id=330785

Upstream patch against v1.7.2:
   [3] http://www.dest-unreach.org/socat/download/socat-1.7.1.3.patch

Credit:
Issue discovered and reported by Felix Gröbert of Google Security Team

Could you allocate a CVE id for this?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.