oss-sec mailing list archives

Re: CVE Request -- Socat -- Stack overflow by lexical scanning of nested character patterns

From: Josh Bressers <bressers () redhat com>
Date: Mon, 2 Aug 2010 16:02:40 -0400 (EDT)

Please use CVE-2010-2799

Thanks.

-- 
    JB


----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:

Hi Steve, vendors,

   Socat upstream, released an advisory:
   [1] http://www.dest-unreach.org/socat/contrib/socat-secadv2.html

describing a stack overflow flaw, present in Socat bidirectional data
relay, when
processing command line arguments (address specifications, host names,
file names),
longer than 512 bytes. An attacker, able to to inject data into
sockat's command line
(potentially remotely via CGI script invocation), could use this flaw
to execute
arbitrary code with the privileges of the socat process.

References:
   [2] http://bugs.gentoo.org/show_bug.cgi?id=330785

Upstream patch against v1.7.2:
   [3] http://www.dest-unreach.org/socat/download/socat-1.7.1.3.patch

Credit:
Issue discovered and reported by Felix Gröbert of Google Security
Team

Could you allocate a CVE id for this?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- Socat -- Stack overflow by lexical scanning of nested character patterns Jan Lieskovsky (Aug 02)
- Re: CVE Request -- Socat -- Stack overflow by lexical scanning of nested character patterns Josh Bressers (Aug 02)