socat: Arbitrary code execution — GLSA 201208-01

A buffer overflow in socat might allow remote attackers to execute arbitrary code.

Affected packages

net-misc/socat on all architectures
Affected versions < 1.7.2.1
Unaffected versions >= 1.7.2.1

Background

socat is a multipurpose bidirectional relay, similar to netcat.

Description

A vulnerability in the "xioscan_readline()" function in xio-readline.c could cause a heap-based buffer overflow.

Impact

A remote attacker could possibly execute arbitrary code with the privileges of the socat process.

Workaround

There is no known workaround at this time.

Resolution

All socat users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/socat-1.7.2.1"
 

References

Release date
August 14, 2012

Latest revision
August 14, 2012: 1

Severity
high

Exploitable
local, remote

Bugzilla entries