Re: Socat security advisory 6 - Possible DoS with fork

[cve-assign () mitre org]

> Socat security advisory 6 - Possible DoS with fork
>
> Overview
>  socats signal handler implementations are not async-signal-safe and
>  can cause crash or freeze of socat processes
>
> Vulnerability Id: (pending)
>
> Severity: Low
>
> Details
>  Socats signal handler implementations are not asnyc-signal-safe. When
>  a signal is triggered while the process is within a non
>  async-signal-safe function the signal handler will call a non
>  sync-signal-safe function too. POSIX specifies the behaviour in this
>  situation as undefined. Dependend on involved functions, libraries,
>  and operating system, the process can continue, freeze, or crash.
>  Mostly this issue occurs when socat is in listening mode with fork
>  option and a couple of child processes terminate at the same time.
>
> Testcase
>  none
>
> Affected versions
>  1.0.0.0 - 1.7.2.4
>  2.0.0-b1 - 2.0.0-b7
>
> Not affected or corrected versions
>  1.7.3.0 and later
>  2.0.0-b8 (to be released) and later
>
> Workaround
>  none
>
> Download
>  The updated sources can be downloaded from:
>
>    http://www.dest-unreach.org/socat/download/socat-1.7.3.0.tar.gz
>
> Credits
>   Credits to Peter Lobsinger

Use CVE-2015-1379.

---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]