Bug 821552 - (CVE-2012-0219) CVE-2012-0219 socat: heap-based buffer overflow flaw leads to arbitrary code execution
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: high Severity: high
Assigned To: Red Hat Product Security
Whiteboard: impact=important,public=20120514,repo...
Keywords: Security
Depends On: 821553 821554
Reported: 2012-05-14 17:59 EDT by Vincent Danen
Modified: 2015-01-05 08:08 EST
Doc Type: Bug Fix
Last Closed: 2013-05-27 23:51:43 EDT
Description Vincent Danen 2012-05-14 17:59:50 EDT
A heap-based buffer overflow flaw was found in socat with data that happens to be output on the READLINE address.  The READLINE address is usually only used interactively, without the "prompt" and "noprompt" options.  If an attacker were able to provide malicious data to the other (arbitrary) address that is then transferred to socat's READLINE address for output, they would be able to execute arbitrary code with the privileges of the socat process.

To work around this flaw, you can use the "prompt" or "noprompt" options with the READLINE address.

This has been corrected upstream [1] in versions 1.7.2.1 and 2.0.0-b5; patches are available.

[1] http://www.dest-unreach.org/socat/contrib/socat-secadv3.html
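
An added example, not part of the bug report or of socat itself: a shell check that flags socat command lines whose READLINE address lacks the "prompt" or "noprompt" workaround options described above. The function names, the sample command lines and the case-insensitive keyword matching are assumptions of this example.

```shell
#!/bin/sh
# Return 0 if the single address spec in $1 is READLINE without the workaround.
readline_unmitigated() (
    # Matched case-insensitively so lower-case spellings are not missed.
    spec=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$spec" in
        readline|readline,*) ;;
        *) exit 1 ;;                 # not a READLINE address
    esac
    set -f; IFS=,                    # split the option list on commas, no globbing
    for opt in ${spec#readline}; do
        case "$opt" in
            prompt|prompt=*|noprompt) exit 1 ;;   # workaround present
        esac
    done
    exit 0
)

# Return 0 if any address on the socat command line in $1 is flagged.
cmdline_flagged() (
    set -f
    for word in $1; do
        # A dual address "a!!b" holds two specs; check each half.
        for spec in "${word%%!!*}" "${word#*!!}"; do
            readline_unmitigated "$spec" && exit 0
        done
    done
    exit 1
)

# Read command lines on stdin (for instance from `ps -eo args`) and
# print the ones that still need the workaround or the upstream fix.
audit_socat() {
    while IFS= read -r line; do
        case "$line" in
            *socat*) if cmdline_flagged "$line"; then
                         printf 'UNMITIGATED: %s\n' "$line"
                     fi ;;
        esac
    done
}

# Constructed sample input, not taken from a real host.
audit_socat <<'EOF'
socat READLINE,history=/tmp/h TCP4:192.0.2.10:80
socat readline,noprompt TCP4:192.0.2.10:80
socat - TCP4:192.0.2.10:80
EOF
```

A flagged line only shows that the workaround is absent; hosts running the fixed versions named above (1.7.2.1 or 2.0.0-b5) are not affected regardless of options.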
Comment 1 Vincent Danen 2012-05-14 18:01:02 EDT
Created socat tracking bugs for this issue

Affects: fedora-all [bug 821553]
Affects: epel-all [bug 821554]
