Bug 964844 - VUL-1: socat: Stack overflow in parser
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware / OS: Other Other
Priority / Severity: P4 - Low / Minor
Assigned To: Marcus Meissner
QA Contact: Security Team bot
Reported: 2016-02-03 08:45 UTC by Andreas Stieger
Modified: 2019-12-04 15:40 UTC
Found By: Security Response Team

Attachments
Fix socat security advisory 8: stack overflow in nestlex() (4.62 KB, patch), 2016-02-04 10:26 UTC, Peter Simons
Description Andreas Stieger 2016-02-03 08:45:37 UTC
http://www.openwall.com/lists/oss-security/2016/02/01/5

Socat security advisory 8 - Stack overflow in parser

Overview
  A stack overflow vulnerability was found that can be triggered when
  command line arguments (complete address specifications, host names,
  file names) are longer than 512 bytes.
  Successful exploitation might allow an attacker to execute arbitrary code
  with the privileges of the socat process.
  This vulnerability can only be exploited when an attacker is able to
  inject data into socat's command line.
  A vulnerable scenario would be a CGI script that reads data from
  clients and uses (parts of) this data as hostname for a Socat
  invocation.

Vulnerability Ids
    Socat security issue 8

Severity: Low

Affected versions: 1.5.0.0 - 1.7.3.0, 2.0.0-b1 - 2.0.0-b8

Not affected or corrected versions
  1.0.0.0 - 1.4.3.1
  1.7.3.1 and later
  2.0.0-b9 and later

Workaround
  Do not pass unfiltered data from untrusted sources to socat's command line


Already submitted for openSUSE:Factory:
https://build.opensuse.org/request/show/357374
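As an added example, not taken from the bug report, the advisory or socat itself: a POSIX shell script that (1) decides whether a socat version string lies in the affected ranges quoted above (1.5.0.0 - 1.7.3.0 and 2.0.0-b1 - 2.0.0-b8) and (2) implements the stated workaround by validating a host name before it is placed into a socat address, so no over-long or option-bearing argument from a request ever reaches socat's command line. All function names are mine; the sample `socat -V` output is constructed, and the assumption that the version line begins "socat version <ver>" is mine, as are the host-name limits (253 bytes, labels of 1-63 bytes), which come from DNS naming rules, not from the advisory.

```shell
#!/bin/sh
# Added example: not part of the bug report, the advisory or socat.
# 1. is_affected_version: is a socat version inside the advisory's
#    affected ranges (1.5.0.0 - 1.7.3.0 and 2.0.0-b1 - 2.0.0-b8)?
# 2. safe_hostname / build_address: the advisory's workaround, i.e.
#    untrusted request data is validated before it becomes part of
#    socat's command line, so no over-long argument reaches the parser.

# Numeric compare of dotted versions such as 1.7.3.0; prints -1, 0 or 1.
vercmp() {
  i=1
  while [ "$i" -le 4 ]; do
    x=$(printf '%s\n' "$1" | cut -d. -f"$i"); x=${x:-0}
    y=$(printf '%s\n' "$2" | cut -d. -f"$i"); y=${y:-0}
    [ "$x" -lt "$y" ] && { printf '%s\n' -1; return; }
    [ "$x" -gt "$y" ] && { printf '%s\n' 1; return; }
    i=$((i + 1))
  done
  printf '%s\n' 0
}

# Status 0 when $1 is in an affected range, 1 when not, 2 for a version
# string this script does not understand (treat that as "check manually").
is_affected_version() {
  case "$1" in
    2.0.0-b[0-9]*)
      n=${1#2.0.0-b}
      [ "$n" -ge 1 ] && [ "$n" -le 8 ]
      ;;
    [0-9]*.[0-9]*.[0-9]*.[0-9]*)
      [ "$(vercmp "$1" 1.5.0.0)" -ge 0 ] && [ "$(vercmp "$1" 1.7.3.0)" -le 0 ]
      ;;
    *)
      return 2
      ;;
  esac
}

# Pull the version out of `socat -V` output. Assumption (mine): the output
# contains a line starting "socat version <ver>".
socat_version_from_output() {
  printf '%s\n' "$1" | sed -n 's/^socat version \([^ ]*\).*/\1/p' | head -n 1
}

# Workaround: accept only a plausible DNS host name, so request data can
# never become a 512+ byte argument (the trigger length in the advisory)
# and never carries ':' or ',' which socat's address syntax interprets.
# The limits are assumptions from DNS naming rules, not from the advisory:
# ASCII letters, digits, '.', '-'; at most 253 bytes; labels of 1-63 bytes
# that neither start nor end with '-'.
safe_hostname() {
  h=$1
  [ -n "$h" ] || return 1
  case "$h" in
    *[!A-Za-z0-9.-]*) return 1 ;;              # forbidden byte
    .*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;    # empty label or bad '-'
  esac
  [ "${#h}" -le 253 ] || return 1
  ( IFS=.; for label in $h; do [ "${#label}" -le 63 ] || exit 1; done )
}

# Only a validated host name is interpolated into the address; the result
# is at most 4 + 253 + 3 bytes, well below the 512-byte trigger length.
# A CGI wrapper would then run:  socat STDIO "$(build_address "$host")"
build_address() {
  safe_hostname "$1" || return 1
  printf 'TCP:%s:80\n' "$1"
}

# --- demo on constructed data (nothing here touches the network) ---
# Constructed sample of `socat -V` output in the assumed format.
SAMPLE_V='socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.2.4 on Feb  5 2016 12:00:00'

v=$(socat_version_from_output "$SAMPLE_V")
if is_affected_version "$v"; then
  echo "socat $v: inside the affected range of socat security advisory 8"
else
  echo "socat $v: not in the affected range (or unrecognised version format)"
fi

# A 1024-byte host name: longer than the 512 bytes the advisory names.
long=a; while [ "${#long}" -lt 600 ]; do long=$long$long; done

for cand in example.org 'localhost,exec:sh' "$long"; do
  if addr=$(build_address "$cand"); then
    echo "accepted: $addr"
  else
    echo "rejected ${#cand}-byte input; it never reaches socat's parser"
  fi
done

# If socat is installed, classify the real binary the same way.
if command -v socat >/dev/null 2>&1; then
  real=$(socat_version_from_output "$(socat -V 2>&1)")
  is_affected_version "$real" && echo "installed socat $real is affected"
fi
```

The version check is a triage aid only: distributions backport fixes without bumping the upstream version (the SUSE updates below ship socat-1.7.0.0 and 1.7.2.4 with this fix), so a version inside the range means "check the package changelog", not "vulnerable". The validator is the actual mitigation: the advisory's precondition is attacker data on socat's command line, and a whitelist of the form shown removes it.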
Comment 4 Swamp Workflow Management 2016-02-03 23:00:17 UTC
bugbot adjusting priority
Comment 5 Peter Simons 2016-02-04 08:53:12 UTC
This issue is fixed by commit 226c555edb82f6901d7d7448d93e6d09b1132c73. The test.sh script included in the distribution has been updated, too.
Comment 6 Peter Simons 2016-02-04 10:26:25 UTC
Created attachment 664427
Fix socat security advisory 8: stack overflow in nestlex()

Minimal patch extracted from upstream commit 226c555edb82f6901d7d7448d93e6d09b1132c73.
Comment 9 Bernhard Wiedemann 2016-02-04 15:00:15 UTC
This is an autogenerated message for OBS integration:
This bug (964844) was mentioned in
https://build.opensuse.org/request/show/357738 13.2 / socat
https://build.opensuse.org/request/show/357740 42.1 / socat
Comment 10 Swamp Workflow Management 2016-02-05 12:12:34 UTC
SUSE-SU-2016:0343-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 821985,860991,964844
CVE References: CVE-2013-3571,CVE-2014-0019
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    socat-1.7.0.0-1.18.2
SUSE Linux Enterprise Desktop 11-SP4 (src):    socat-1.7.0.0-1.18.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    socat-1.7.0.0-1.18.2
Comment 11 Swamp Workflow Management 2016-02-05 12:13:14 UTC
SUSE-SU-2016:0344-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 938913,964844
CVE References: CVE-2015-4000
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    socat-1.7.2.4-3.1
SUSE Linux Enterprise Server 12 (src):    socat-1.7.2.4-3.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    socat-1.7.2.4-3.1
SUSE Linux Enterprise Desktop 12 (src):    socat-1.7.2.4-3.1
Comment 12 Marcus Meissner 2016-02-05 12:39:13 UTC
released
Comment 13 Bernhard Wiedemann 2016-02-08 15:00:18 UTC
This is an autogenerated message for OBS integration:
This bug (964844) was mentioned in
https://build.opensuse.org/request/show/358365 13.2 / socat
https://build.opensuse.org/request/show/358366 42.1 / socat
Comment 14 Swamp Workflow Management 2016-02-16 20:13:09 UTC
openSUSE-SU-2016:0478-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 938913,964844
CVE References: CVE-2015-4000
Sources used:
openSUSE Leap 42.1 (src):    socat-1.7.3.1-6.1
openSUSE 13.2 (src):    socat-1.7.3.1-2.3.1
Comment 15 Swamp Workflow Management 2016-02-17 00:11:32 UTC
openSUSE-SU-2016:0483-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 938913,964844
CVE References: CVE-2015-4000
Sources used:
openSUSE 13.1 (src):    socat-1.7.3.1-2.6.1