oss-sec mailing list archives
CVE Request -- Socat -- Stack overflow by lexical scanning of nested character patterns
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 02 Aug 2010 15:49:37 +0200
Hi Steve, vendors, Socat upstream, released an advisory: [1] http://www.dest-unreach.org/socat/contrib/socat-secadv2.html describing a stack overflow flaw, present in Socat bidirectional data relay, when processing command line arguments (address specifications, host names, file names), longer than 512 bytes. An attacker, able to to inject data into sockat's command line (potentially remotely via CGI script invocation), could use this flaw to execute arbitrary code with the privileges of the socat process. References: [2] http://bugs.gentoo.org/show_bug.cgi?id=330785 Upstream patch against v1.7.2: [3] http://www.dest-unreach.org/socat/download/socat-1.7.1.3.patch Credit: Issue discovered and reported by Felix Gröbert of Google Security Team Could you allocate a CVE id for this? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- Socat -- Stack overflow by lexical scanning of nested character patterns Jan Lieskovsky (Aug 02)
- Re: CVE Request -- Socat -- Stack overflow by lexical scanning of nested character patterns Josh Bressers (Aug 02)