Florian Weimer of the Red Hat Product Security Team discovered a denial of service flaw in socat. Due to a missing check during assembly of the HTTP request line, a long target server name (<hostname> in the documentation) of the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name to the PROXY-CONNECT address in the command line. This can happen, for example, in scripts that receive data from untrusted sources. This flaw affects socat versions 1.3.0.0 through to 1.7.2.2; it is corrected in 1.7.2.3.

Acknowledgements: This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
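The class of check described in the report above, as an added example: this is not socat's code and not the upstream patch. The function name, the 512-byte buffer size and the sample host names are assumptions made for illustration; the request line follows the standard HTTP CONNECT form.

```c
#include <stdio.h>
#include <string.h>

/* Size of the caller's fixed stack buffer (constructed value). */
#define REQ_BUF_SIZE 512

/* Hypothetical helper: assemble "CONNECT <host>:<port> HTTP/1.0\r\n" into
 * out[outlen]. Returns the line length, or -1 if the inputs are invalid or
 * the line would not fit; out is then left as an empty string. */
int build_connect_line(char *out, size_t outlen,
                       const char *host, const char *port)
{
    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (host == NULL || port == NULL || host[0] == '\0' || port[0] == '\0')
        return -1;

    /* Reject CR, LF and space: they would end or split the request line. */
    if (strpbrk(host, "\r\n ") != NULL || strpbrk(port, "\r\n ") != NULL)
        return -1;

    /* snprintf never writes more than outlen bytes and returns the length
     * the full string would have had, so n >= outlen means truncation. */
    int n = snprintf(out, outlen, "CONNECT %s:%s HTTP/1.0\r\n", host, port);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';   /* never hand a truncated request to the proxy */
        return -1;
    }
    return n;
}

int main(void)
{
    char req[REQ_BUF_SIZE];
    char longhost[2048];            /* constructed over-long server name */
    memset(longhost, 'a', sizeof longhost - 1);
    longhost[sizeof longhost - 1] = '\0';

    printf("normal: %d\n",
           build_connect_line(req, sizeof req, "example.org", "443"));
    printf("long:   %d\n",
           build_connect_line(req, sizeof req, longhost, "443"));
    return 0;
}
```

Scripts that pass untrusted data to a PROXY-CONNECT address on unpatched versions can apply the same length limit to the server name before invoking socat.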
Created attachment 855124: upstream patch to correct the flaw
This issue is now public: http://seclists.org/oss-sec/2014/q1/159
Created socat tracking bugs for this issue: Affects: fedora-all [bug 1058996]
socat-1.7.2.3-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
socat-1.7.2.3-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
socat-1.7.2.3-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
Statement: The Red Hat Security Response Team has rated this issue as having Low security impact on OpenShift Enterprise; a future update may address this flaw.