socat: Arbitrary code execution

2012-08-14T00:00:00
ID GLSA-201208-01
Type gentoo
Reporter Gentoo Foundation
Modified 2012-08-14T00:00:00

Description

Background

socat is a multipurpose bidirectional relay, similar to netcat.

Description

A vulnerability in the "xioscan_readline()" function in xio-readline.c could cause a heap-based buffer overflow.

Impact

A remote attacker could possibly execute arbitrary code with the privileges of the socat process.

Workaround

There is no known workaround at this time.

Resolution

All socat users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/socat-1.7.2.1"