Red Hat Bugzilla – Bug 620426
CVE-2010-2799 Socat: Stack overflow by lexical scanning of nested character patterns
Last modified: 2010-09-14 16:33:55 EDT
Socat upstream released an advisory:
describing a stack overflow flaw, present in Socat bidirectional data
relay, when processing command line arguments (address specifications,
host names, file names), longer than 512 bytes. An attacker, able to
inject data into socat's command line (potentially remotely via CGI
script invocation), could use this flaw to execute arbitrary code with
the privileges of the socat process.
Upstream patch against v1.7.2:
Issue discovered and reported by Felix Gröbert of Google Security Team
This issue affects the versions of the socat package, as shipped
with Fedora releases of 12 and 13.
Created socat tracking bugs for this issue
Affects: fedora-all [bug 620430]
The CVE identifier of CVE-2010-2799 has been assigned to this.
*** This bug has been marked as a duplicate of bug 620430 ***
This shouldn't have been closed as a duplicate of the tracking bug.
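
For the flaw class named in the bug title, the following added example (not socat's code and not the upstream patch) shows a nested-pattern scanner that enforces one output bound across every nesting level. The bracket syntax, the `:` separator and the names `put`, `scan` and `first_field` are assumptions made for illustration; only the 512-byte figure comes from the report.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARG_MAX_LEN 512  /* buffer size taken from the report above */

/* Hypothetical helper: append one byte, failing once the shared budget is spent. */
static int put(char **out, size_t *left, char c) {
    if (*left <= 1) return -1;         /* keep one byte for the terminator */
    *(*out)++ = c;
    (*left)--;
    return 0;
}

/* Copy *in up to an unnested `stop` char, recursing on "[...]" and "(...)".
 * `left` is shared by all nesting levels, so a nested pattern cannot write
 * past the caller's buffer, and recursion depth is bounded by the buffer
 * size because every level consumes a byte. Returns 0, or -1 on error. */
static int scan(const char **in, char **out, size_t *left, char stop) {
    while (**in && **in != stop) {
        char c = *(*in)++;
        if (put(out, left, c) < 0) return -1;
        if (c == '[' || c == '(') {
            char close = (c == '[') ? ']' : ')';
            if (scan(in, out, left, close) < 0) return -1;
            if (**in != close) return -1;              /* unbalanced input */
            if (put(out, left, *(*in)++) < 0) return -1;
        }
    }
    return 0;
}

/* Extract the first ':'-separated field of an argument into buf.
 * Returns the field length, or -1 (with buf emptied) if it does not fit. */
int first_field(const char *arg, char *buf, size_t buflen) {
    char *out = buf;
    size_t left = buflen;
    if (buflen == 0) return -1;
    if (scan(&arg, &out, &left, ':') < 0) { buf[0] = '\0'; return -1; }
    *out = '\0';
    return (int)(out - buf);
}

int main(void) {
    char buf[ARG_MAX_LEN], big[700];                   /* constructed inputs */
    memset(big, 'A', sizeof big - 1); big[sizeof big - 1] = '\0';
    printf("%d %d\n", first_field("[::1]:80", buf, sizeof buf),
                      first_field(big, buf, sizeof buf));
    return 0;
}
```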