Posted: Thu Sep 06, 2012 3:51 am Post subject: [ GLSA 201208-01 ] socat: Arbitrary code execution
Gentoo Linux Security Advisory
Title: socat: Arbitrary code execution (GLSA 201208-01)
Exploitable: local, remote
Date: August 14, 2012
A buffer overflow in socat might allow remote attackers to execute
socat is a multipurpose bidirectional relay, similar to netcat.
Vulnerable: < 220.127.116.11
Unaffected: >= 18.104.22.168
Architectures: All supported architectures
A vulnerability in the "xioscan_readline()" function in xio-readline.c
could cause a heap-based buffer overflow.
A remote attacker could possibly execute arbitrary code with the
privileges of the socat process.
There is no known workaround at this time.
All socat users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/socat-22.214.171.124"
Socat security advisory 3