Debian: DSA-2090-1: New socat packages fix arbitrary code execution

    Date06 Aug 2010
    CategoryDebian
    43
    Posted ByLinuxSecurity Advisories
    A stack overflow vulnerability was found in socat that allows an attacker to execute arbitrary code with the privileges of the socat process.
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-2090-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                            Luciano Bello
    August 06, 2010                       http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : socat
    Vulnerability  : incorrect user-input validation
    Problem type   : remote
    Debian-specific: no
    Debian bug     : 591443
    CVE ID         : CVE-2010-2799
    
    A stack overflow vulnerability was found in socat that allows an 
    attacker to execute arbitrary code with the privileges of the socat
    process.
    
    This vulnerability can only be exploited when an attacker is able to 
    inject more than 512 bytes of data into socat's argument.
    
    A vulnerable scenario would be a CGI script that reads data from 
    clients and uses (parts of) this data as argument for a socat 
    invocation.
    
    For the stable distribution (lenny), this problem has been fixed in 
    version 1.6.0.1-1+lenny1.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 1.7.1.3-1.
    
    We recommend that you upgrade your socat package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1.orig.tar.gz
        Size/MD5 checksum:   489105 5a6a1d1e398d5c4d32fa6515baf477af
      http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1.dsc
        Size/MD5 checksum:     1013 157ca774934ca80c6a94c1b741a9093b
      http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1.diff.gz
        Size/MD5 checksum:     4381 7e52b5124379d307c379b6ecf70284f0
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_alpha.deb
        Size/MD5 checksum:   341794 8bd7ad19df1117ec16195fa75a127706
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_amd64.deb
        Size/MD5 checksum:   330554 3106c700362d15d5f1ef3ebb68e6805c
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_arm.deb
        Size/MD5 checksum:   312612 2a70ed46e9491e800a77823b0217abbb
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_armel.deb
        Size/MD5 checksum:   315430 08e6b5a7b9eda8dbe3173c115c8e1796
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_hppa.deb
        Size/MD5 checksum:   331510 d1802193cb2a2f28ef51d8c07f5e374b
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_i386.deb
        Size/MD5 checksum:   316594 24c9775f51968d945266e7a28b9d103a
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_ia64.deb
        Size/MD5 checksum:   387414 c2bbf057264a8387df441dd3a9bbc330
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_mips.deb
        Size/MD5 checksum:   333986 48385d0f66ea5397bc718c0e2af6b056
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_mipsel.deb
        Size/MD5 checksum:   328748 3f2edf664abb7e8318f5a5c3b9c35991
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_powerpc.deb
        Size/MD5 checksum:   339838 77db34fb93c8bd07590729d3e1aaa98d
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_s390.deb
        Size/MD5 checksum:   329612 56dc31e55ccb561742fe751993200255
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_sparc.deb
        Size/MD5 checksum:   312724 96fa647e83461a5f2fd1678d6da6ee27
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"8","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":21.43,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"3","type":"x","order":"3","pct":21.43,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.