{"id": "SECURITYVULNS:DOC:29443", "bulletinFamily": "software", "title": "[ MDVSA-2013:169 ] socat", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2013:169\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : socat\r\n Date : May 29, 2013\r\n Affected: Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been discovered and corrected in socat:\r\n \r\n A heap based buffer overflow vulnerability has been found with\r\n data that happens to be output on the READLINE address. Successful\r\n exploitation may allow an attacker to execute arbitrary code with\r\n the privileges of the socat process (CVE-2012-0219).\r\n \r\n Under certain circumstances an FD leak occurs and can be misused\r\n for denial of service attacks against socat running in server mode\r\n (CVE-2013-3571).\r\n \r\n The updated packages have been patched to correct these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0219\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3571\r\n http://www.dest-unreach.org/socat/contrib/socat-secadv3.html\r\n http://www.dest-unreach.org/socat/contrib/socat-secadv4.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Enterprise Server 5:\r\n 858847746044d4a209599693d9f80f62 mes5/i586/socat-1.6.0.0-4.2mdvmes5.2.i586.rpm \r\n 9cf3c6dc4dc0d39db91b9c8ef53abab0 mes5/SRPMS/socat-1.6.0.0-4.2mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n d7b31e75575a4af13e77889e3228f74d mes5/x86_64/socat-1.6.0.0-4.2mdvmes5.2.x86_64.rpm \r\n 9cf3c6dc4dc0d39db91b9c8ef53abab0 mes5/SRPMS/socat-1.6.0.0-4.2mdvmes5.2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFRpasXmqjQ0CJFipgRAu+5AKCD1WdepcJ47gHUUlsfgBcBRaOKIgCfbnGm\r\nwb6h/I6ph2LgUD7Iq/ziWpk=\r\n=yBWK\r\n-----END PGP SIGNATURE-----\r\n", "published": "2013-06-04T00:00:00", "modified": "2013-06-04T00:00:00", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29443", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2012-0219", "CVE-2013-3571"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:48", "edition": 1, "viewCount": 2, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2018-08-31T11:10:48", "rev": 2}, "dependencies": {"references": [{"type": "f5", "idList": ["SOL14919", "F5:K14919"]}, {"type": "cve", "idList": ["CVE-2012-0219", "CVE-2013-3571"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13104"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231071851", "OPENVAS:136141256231071376", "OPENVAS:1361412562310864286", "OPENVAS:1361412562310864379", "OPENVAS:71376", "OPENVAS:71851", "OPENVAS:864379", "OPENVAS:865785", "OPENVAS:864286", "OPENVAS:1361412562310865785"]}, {"type": "fedora", "idList": ["FEDORA:216C9211AE", "FEDORA:6730020C8D", "FEDORA:066CE21EE4", "FEDORA:C9F5F20D15", "FEDORA:9B8742132B"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2013-127.NASL", "FEDORA_2012-8274.NASL", "FEDORA_2013-9505.NASL", "OPENSUSE-2012-348.NASL", "FEDORA_2012-8328.NASL", "FREEBSD_PKG_6601127C9E0911E1B5E0000C299B62E1.NASL", "FREEBSD_PKG_6D87C2E9C64D11E29C2250465D9FF992.NASL", "F5_BIGIP_SOL14919.NASL", "ALA_ALAS-2012-87.NASL", "GENTOO_GLSA-201208-01.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201208-01"]}, {"type": "amazon", "idList": ["ALAS-2013-202", "ALAS-2012-087"]}, {"type": "freebsd", "idList": ["6D87C2E9-C64D-11E2-9C22-50465D9FF992", "6601127C-9E09-11E1-B5E0-000C299B62E1"]}], "modified": "2018-08-31T11:10:48", "rev": 2}, "vulnersScore": 6.8}, "affectedSoftware": []}

{"f5": [{"lastseen": "2017-06-08T00:16:34", "bulletinFamily": "software", "cvelist": ["CVE-2012-0219", "CVE-2013-3571", "CVE-2010-2799"], "edition": 1, "description": "\nF5 Product Development tracked this vulnerability as ID 437285 (BIG-IP), ID 442612 (Enterprise Manager), and ID 442611 (BIG-IQ), and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H446709 on the **Diagnostics** &gt; **Identified** &gt; **Medium** screen.\n\nTo find out whether F5 has determined that your release is vulnerable, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.5.4| 12.0.0 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16 \n10.0.0 - 10.2.4| bash CLI \nBIG-IP AAM| 11.4.0 - 11.5.4| 12.0.0 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10| bash CLI \nBIG-IP AFM| 11.3.0 - 11.5.4| 12.0.0 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10| bash CLI \nBIG-IP Analytics| 11.0.0 - 11.5.4| 12.0.0 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16| bash CLI \nBIG-IP APM| 11.0.0 - 11.5.4| 12.0.0 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16 \n10.1.0 - 10.2.4| bash CLI \nBIG-IP ASM| 11.0.0 - 11.5.4| 12.0.0 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16 \n10.0.0 - 10.2.4| bash CLI \nBIG-IP DNS| None| 12.0.0| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0| 11.2.1 HF16 \n10.1.0 - 10.2.4| bash CLI \nBIG-IP GTM| 11.0.0 - 11.5.4| 11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16 \n10.0.0 - 10.2.4| bash CLI \nBIG-IP Link Controller| 11.0.0 - 11.5.4| 12.0.0 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16 \n10.0.0 - 10.2.4| bash CLI \nBIG-IP PEM| 11.3.0 - 11.5.4| 12.0.0 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10| bash CLI \nBIG-IP PSM| 11.0.0 - 11.4.1| 11.4.1 HF10 \n11.2.1 HF16 \n10.0.0 - 10.2.4| bash CLI \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0| 11.2.1 HF16 \n10.0.0 - 10.2.4| bash CLI \nBIG-IP WOM| 11.0.0 - 11.3.0| 11.2.1 HF16 \n10.0.0 - 10.2.4| bash CLI \nARX| None| 6.0.0 - 6.4.0 \n5.0.0 - 5.3.1| None \nEnterprise Manager| 3.0.0 - 3.1.1| 2.0.0 - 2.3.0| bash CLI \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| bash CLI \nBIG-IQ Security| 4.0.0 - 4.5.0| None| bash CLI \nBIG-IQ Device| 4.2.0 - 4.5.0| None| bash CLI \nBIG-IQ Centralized Management| 4.6.0| 5.0.0 - 5.1.0| bash CLI \nBIG-IQ Cloud and Orchestration| None| 1.0.0| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-03-10T00:56:00", "published": "2014-01-17T01:52:00", "href": "https://support.f5.com/csp/article/K14919", "id": "F5:K14919", "title": "Socat vulnerabilities CVE-2010-2799, CVE-2012-0219, and CVE-2013-3571", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-25T17:24:55", "bulletinFamily": "software", "cvelist": ["CVE-2012-0219", "CVE-2013-3571", "CVE-2010-2799"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-10-25T00:00:00", "published": "2014-01-16T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14919.html", "id": "SOL14919", "title": "SOL14919 - Socat vulnerabilities CVE-2010-2799, CVE-2012-0219, and CVE-2013-3571", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2021-02-02T05:59:44", "description": "Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address.", "edition": 4, "cvss3": {}, "published": "2012-06-21T15:55:00", "title": "CVE-2012-0219", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.2, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0219"], "modified": "2014-05-10T03:39:00", "cpe": ["cpe:/a:dest-unreach:socat:1.7.2.0", "cpe:/a:dest-unreach:socat:1.6.0.1", "cpe:/a:dest-unreach:socat:1.4.0.3", "cpe:/a:dest-unreach:socat:1.4.3.1", "cpe:/a:dest-unreach:socat:1.7.0.1", "cpe:/a:dest-unreach:socat:1.4.0.1", "cpe:/a:dest-unreach:socat:1.4.0.2", "cpe:/a:dest-unreach:socat:1.7.1.3", "cpe:/a:dest-unreach:socat:1.7.1.0", "cpe:/a:dest-unreach:socat:1.7.0.0", "cpe:/a:dest-unreach:socat:1.4.1.0", "cpe:/a:dest-unreach:socat:1.4.2.0", "cpe:/a:dest-unreach:socat:1.4.0.0", "cpe:/a:dest-unreach:socat:1.7.1.1", "cpe:/a:dest-unreach:socat:1.7.1.2", "cpe:/a:dest-unreach:socat:1.6.0.0", "cpe:/a:dest-unreach:socat:1.5.0.0", "cpe:/a:dest-unreach:socat:2.0.0"], "id": "CVE-2012-0219", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0219", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:dest-unreach:socat:1.4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:2.0.0:b2:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:2.0.0:b1:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.7.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:2.0.0:b3:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.7.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:2.0.0:b4:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:54", "description": "socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions.", "edition": 4, "cvss3": {}, "published": "2014-05-08T14:29:00", "title": "CVE-2013-3571", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-3571"], "modified": "2014-05-09T14:00:00", "cpe": ["cpe:/a:dest-unreach:socat:1.7.2.0", "cpe:/a:dest-unreach:socat:1.3.0.1", "cpe:/a:dest-unreach:socat:1.4.3.0", "cpe:/a:dest-unreach:socat:1.3.2.0", "cpe:/a:dest-unreach:socat:1.6.0.1", "cpe:/a:dest-unreach:socat:1.4.0.3", "cpe:/a:dest-unreach:socat:1.3.2.1", "cpe:/a:dest-unreach:socat:1.4.3.1", "cpe:/a:dest-unreach:socat:1.7.0.1", "cpe:/a:dest-unreach:socat:1.4.0.1", "cpe:/a:dest-unreach:socat:1.4.0.2", "cpe:/a:dest-unreach:socat:1.7.1.3", "cpe:/a:dest-unreach:socat:1.7.1.0", "cpe:/a:dest-unreach:socat:1.7.0.0", "cpe:/a:dest-unreach:socat:1.4.1.0", "cpe:/a:dest-unreach:socat:1.4.2.0", "cpe:/a:dest-unreach:socat:1.3.0.0", "cpe:/a:dest-unreach:socat:1.4.0.0", "cpe:/a:dest-unreach:socat:1.2.0.0", "cpe:/a:dest-unreach:socat:1.7.1.1", "cpe:/a:dest-unreach:socat:1.7.2.1", "cpe:/a:dest-unreach:socat:1.7.1.2", "cpe:/a:dest-unreach:socat:1.6.0.0", "cpe:/a:dest-unreach:socat:1.5.0.0", "cpe:/a:dest-unreach:socat:1.3.2.2", "cpe:/a:dest-unreach:socat:1.3.1.0", "cpe:/a:dest-unreach:socat:2.0.0"], "id": "CVE-2013-3571", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3571", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:dest-unreach:socat:1.4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:2.0.0:b2:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:2.0.0:b1:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:2.0.0:b5:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.7.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:2.0.0:b3:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.7.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:2.0.0:b4:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:dest-unreach:socat:1.3.0.1:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:09:51", "bulletinFamily": "software", "cvelist": ["CVE-2012-0219", "CVE-2013-3571"], "description": "Buffer overflow, file descriptor leakage.", "edition": 1, "modified": "2013-06-04T00:00:00", "published": "2013-06-04T00:00:00", "id": "SECURITYVULNS:VULN:13104", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13104", "title": "socat security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0219", "CVE-2013-3571"], "description": "Socat is a relay for bidirectional data transfer between two independent da ta channels. Each of these data channels may be a file, pipe, device (serial l ine etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the G NU line editor (readline), a program, or a combination of two of these. The compat-readline5 library is used to avoid GPLv2 vs GPLv3 issues. ", "modified": "2013-06-11T09:09:55", "published": "2013-06-11T09:09:55", "id": "FEDORA:216C9211AE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: socat-1.7.2.2-1.fc17", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0219"], "description": "Socat is a relay for bidirectional data transfer between two independent da ta channels. Each of these data channels may be a file, pipe, device (serial l ine etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the G NU line editor (readline), a program, or a combination of two of these. The compat-readline5 library is used to avoid GPLv2 vs GPLv3 issues. ", "modified": "2012-06-07T02:41:16", "published": "2012-06-07T02:41:16", "id": "FEDORA:6730020C8D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: socat-1.7.2.1-1.fc16", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0219"], "description": "Socat is a relay for bidirectional data transfer between two independent da ta channels. Each of these data channels may be a file, pipe, device (serial l ine etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the G NU line editor (readline), a program, or a combination of two of these. The compat-readline5 library is used to avoid GPLv2 vs GPLv3 issues. ", "modified": "2012-06-01T17:04:30", "published": "2012-06-01T17:04:30", "id": "FEDORA:066CE21EE4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: socat-1.7.2.1-1.fc17", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-3571"], "description": "Socat is a relay for bidirectional data transfer between two independent da ta channels. Each of these data channels may be a file, pipe, device (serial l ine etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the G NU line editor (readline), a program, or a combination of two of these. The compat-readline5 library is used to avoid GPLv2 vs GPLv3 issues. ", "modified": "2013-06-10T03:22:47", "published": "2013-06-10T03:22:47", "id": "FEDORA:9B8742132B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: socat-1.7.2.2-1.fc19", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-3571"], "description": "Socat is a relay for bidirectional data transfer between two independent da ta channels. Each of these data channels may be a file, pipe, device (serial l ine etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the G NU line editor (readline), a program, or a combination of two of these. The compat-readline5 library is used to avoid GPLv2 vs GPLv3 issues. ", "modified": "2013-06-11T09:05:56", "published": "2013-06-11T09:05:56", "id": "FEDORA:C9F5F20D15", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: socat-1.7.2.2-1.fc18", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2018-01-19T15:08:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0219", "CVE-2013-3571"], "description": "Check for the Version of socat", "modified": "2018-01-19T00:00:00", "published": "2013-06-13T00:00:00", "id": "OPENVAS:865785", "href": "http://plugins.openvas.org/nasl.php?oid=865785", "type": "openvas", "title": "Fedora Update for socat FEDORA-2013-9505", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for socat FEDORA-2013-9505\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"socat on Fedora 17\";\ntag_insight = \"Socat is a relay for bidirectional data transfer between two independent data\n channels. Each of these data channels may be a file, pipe, device (serial line\n etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an\n SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU\n line editor (readline), a program, or a combination of two of these.\n The compat-readline5 library is used to avoid GPLv2 vs GPLv3 issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(865785);\n script_version(\"$Revision: 8466 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-13 10:03:04 +0530 (Thu, 13 Jun 2013)\");\n script_cve_id(\"CVE-2013-3571\", \"CVE-2012-0219\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for socat FEDORA-2013-9505\");\n\n script_xref(name: \"FEDORA\", value: \"2013-9505\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-June/108473.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of socat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"socat\", rpm:\"socat~1.7.2.2~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0219", "CVE-2013-3571"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-06-13T00:00:00", "id": "OPENVAS:1361412562310865785", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865785", "type": "openvas", "title": "Fedora Update for socat FEDORA-2013-9505", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for socat FEDORA-2013-9505\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.865785\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-13 10:03:04 +0530 (Thu, 13 Jun 2013)\");\n script_cve_id(\"CVE-2013-3571\", \"CVE-2012-0219\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for socat FEDORA-2013-9505\");\n script_xref(name:\"FEDORA\", value:\"2013-9505\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-June/108473.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'socat'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"socat on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"socat\", rpm:\"socat~1.7.2.2~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:51:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0219"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201208-01.", "modified": "2017-07-07T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:71851", "href": "http://plugins.openvas.org/nasl.php?oid=71851", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201208-01 (socat)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A buffer overflow in socat might allow remote attackers to execute\n arbitrary code.\";\ntag_solution = \"All socat users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/socat-1.7.2.1'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201208-01\nhttp://bugs.gentoo.org/show_bug.cgi?id=415977\nhttp://www.dest-unreach.org/socat/contrib/socat-secadv3.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201208-01.\";\n\n \n \nif(description)\n{\n script_id(71851);\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-0219\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:34:52 -0400 (Thu, 30 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201208-01 (socat)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"net-misc/socat\", unaffected: make_list(\"ge 1.7.2.1\"), vulnerable: make_list(\"lt 1.7.2.1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:56:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0219"], "description": "Check for the Version of socat", "modified": "2018-01-01T00:00:00", "published": "2012-06-08T00:00:00", "id": "OPENVAS:864286", "href": "http://plugins.openvas.org/nasl.php?oid=864286", "type": "openvas", "title": "Fedora Update for socat FEDORA-2012-8328", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for socat FEDORA-2012-8328\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"socat on Fedora 16\";\ntag_insight = \"Socat is a relay for bidirectional data transfer between two independent data\n channels. Each of these data channels may be a file, pipe, device (serial line\n etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an\n SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU\n line editor (readline), a program, or a combination of two of these.\n The compat-readline5 library is used to avoid GPLv2 vs GPLv3 issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081882.html\");\n script_id(864286);\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-08 10:11:04 +0530 (Fri, 08 Jun 2012)\");\n script_cve_id(\"CVE-2012-0219\");\n script_xref(name: \"FEDORA\", value: \"2012-8328\");\n script_name(\"Fedora Update for socat FEDORA-2012-8328\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of socat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"socat\", rpm:\"socat~1.7.2.1~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0219"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-04-25T00:00:00", "published": "2012-05-31T00:00:00", "id": "OPENVAS:71376", "href": "http://plugins.openvas.org/nasl.php?oid=71376", "type": "openvas", "title": "FreeBSD Ports: socat", "sourceData": "#\n#VID 6601127c-9e09-11e1-b5e0-000c299b62e1\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 6601127c-9e09-11e1-b5e0-000c299b62e1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: socat\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nwww.dest-unreach.org/socat/contrib/socat-secadv3.html\nhttp://www.vuxml.org/freebsd/6601127c-9e09-11e1-b5e0-000c299b62e1.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71376);\n script_cve_id(\"CVE-2012-0219\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6022 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-25 14:51:04 +0200 (Tue, 25 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-31 11:53:51 -0400 (Thu, 31 May 2012)\");\n script_name(\"FreeBSD Ports: socat\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"socat\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.7.2.1\")<0) {\n txt += \"Package socat version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:57:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0219"], "description": "Check for the Version of socat", "modified": "2018-01-02T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:864379", "href": "http://plugins.openvas.org/nasl.php?oid=864379", "type": "openvas", "title": "Fedora Update for socat FEDORA-2012-8274", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for socat FEDORA-2012-8274\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"socat on Fedora 17\";\ntag_insight = \"Socat is a relay for bidirectional data transfer between two independent data\n channels. Each of these data channels may be a file, pipe, device (serial line\n etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an\n SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU\n line editor (readline), a program, or a combination of two of these.\n The compat-readline5 library is used to avoid GPLv2 vs GPLv3 issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081619.html\");\n script_id(864379);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:05:59 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-0219\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-8274\");\n script_name(\"Fedora Update for socat FEDORA-2012-8274\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of socat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"socat\", rpm:\"socat~1.7.2.1~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0219"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:1361412562310864379", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864379", "type": "openvas", "title": "Fedora Update for socat FEDORA-2012-8274", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for socat FEDORA-2012-8274\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081619.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864379\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:05:59 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-0219\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-8274\");\n script_name(\"Fedora Update for socat FEDORA-2012-8274\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'socat'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"socat on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"socat\", rpm:\"socat~1.7.2.1~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0219"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-06-08T00:00:00", "id": "OPENVAS:1361412562310864286", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864286", "type": "openvas", "title": "Fedora Update for socat FEDORA-2012-8328", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for socat FEDORA-2012-8328\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081882.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864286\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-08 10:11:04 +0530 (Fri, 08 Jun 2012)\");\n script_cve_id(\"CVE-2012-0219\");\n script_xref(name:\"FEDORA\", value:\"2012-8328\");\n script_name(\"Fedora Update for socat FEDORA-2012-8328\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'socat'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"socat on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"socat\", rpm:\"socat~1.7.2.1~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0219"], "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2012-05-31T00:00:00", "id": "OPENVAS:136141256231071376", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071376", "type": "openvas", "title": "FreeBSD Ports: socat", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_socat0.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 6601127c-9e09-11e1-b5e0-000c299b62e1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71376\");\n script_cve_id(\"CVE-2012-0219\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-31 11:53:51 -0400 (Thu, 31 May 2012)\");\n script_name(\"FreeBSD Ports: socat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: socat\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://www.dest-unreach.org/socat/contrib/socat-secadv3.html\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/6601127c-9e09-11e1-b5e0-000c299b62e1.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"socat\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.7.2.1\")<0) {\n txt += \"Package socat version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0219"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201208-01.", "modified": "2018-10-12T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:136141256231071851", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071851", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201208-01 (socat)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201208_01.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71851\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-0219\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:34:52 -0400 (Thu, 30 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201208-01 (socat)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"A buffer overflow in socat might allow remote attackers to execute\n arbitrary code.\");\n script_tag(name:\"solution\", value:\"All socat users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/socat-1.7.2.1'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201208-01\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=415977\");\n script_xref(name:\"URL\", value:\"http://www.dest-unreach.org/socat/contrib/socat-secadv3.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201208-01.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"net-misc/socat\", unaffected: make_list(\"ge 1.7.2.1\"), vulnerable: make_list(\"lt 1.7.2.1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-03-01T02:08:01", "description": "CVE-2010-2799 Stack-based buffer overflow in the nestlex function in\nnestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through\n2.0.0-b3, when bidirectional data relay is enabled, allows\ncontext-dependent attackers to execute arbitrary code via long\ncommand-line arguments.\n\nCVE-2012-0219 Heap-based buffer overflow in the xioscan_readline\nfunction in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and\n2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code\nvia the READLINE address.\n\nCVE-2013-3571 socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before\n2.0.0-b6, when used for a listen type address and the fork option is\nenabled, allows remote attackers to cause a denial of service (file\ndescriptor consumption) via multiple request that are refused based on\nthe (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap\nrestrictions.", "edition": 30, "published": "2014-10-10T00:00:00", "title": "F5 Networks BIG-IP : Socat vulnerabilities (K14919)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0219", "CVE-2013-3571", "CVE-2010-2799"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL14919.NASL", "href": "https://www.tenable.com/plugins/nessus/78159", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K14919.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78159);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2010-2799\", \"CVE-2012-0219\", \"CVE-2013-3571\");\n script_bugtraq_id(42112, 53510, 60170);\n\n script_name(english:\"F5 Networks BIG-IP : Socat vulnerabilities (K14919)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2010-2799 Stack-based buffer overflow in the nestlex function in\nnestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through\n2.0.0-b3, when bidirectional data relay is enabled, allows\ncontext-dependent attackers to execute arbitrary code via long\ncommand-line arguments.\n\nCVE-2012-0219 Heap-based buffer overflow in the xioscan_readline\nfunction in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and\n2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code\nvia the READLINE address.\n\nCVE-2013-3571 socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before\n2.0.0-b6, when used for a listen type address and the fork option is\nenabled, allows remote attackers to cause a denial of service (file\ndescriptor consumption) via multiple request that are refused based on\nthe (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap\nrestrictions.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K14919\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K14919.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K14919\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.3.0-11.5.4\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.4.0-11.5.4\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.5.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\",\"11.2.1HF16\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.5.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\",\"11.2.1HF16\",\"10.0.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.5.4\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\",\"11.2.1HF16\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.5.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\",\"11.2.1HF16\",\"10.0.0-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.5.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\",\"11.2.1HF16\",\"10.0.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.0.0-11.5.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\",\"11.2.1HF16\",\"10.0.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.3.0-11.5.4\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.0.0-11.4.1\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.4.1HF10\",\"11.2.1HF16\",\"10.0.0-10.2.4\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.2.1HF16\",\"10.0.0-10.2.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.2.1HF16\",\"10.0.0-10.2.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:54:08", "description": "Updated socat package fixes security vulnerability :\n\nHeap-based buffer overflow in the xioscan_readline function in\nxio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through\n2.0.0-b4 allows local users to execute arbitrary code via the READLINE\naddress (CVE-2012-0219).", "edition": 24, "published": "2013-04-20T00:00:00", "title": "Mandriva Linux Security Advisory : socat (MDVSA-2013:127)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0219"], "modified": "2013-04-20T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:socat"], "id": "MANDRIVA_MDVSA-2013-127.NASL", "href": "https://www.tenable.com/plugins/nessus/66139", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:127. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66139);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-0219\");\n script_bugtraq_id(53510);\n script_xref(name:\"MDVSA\", value:\"2013:127\");\n script_xref(name:\"MGASA\", value:\"2012-0138\");\n\n script_name(english:\"Mandriva Linux Security Advisory : socat (MDVSA-2013:127)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated socat package fixes security vulnerability :\n\nHeap-based buffer overflow in the xioscan_readline function in\nxio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through\n2.0.0-b4 allows local users to execute arbitrary code via the READLINE\naddress (CVE-2012-0219).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected socat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:socat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"socat-1.7.2.1-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:54:24", "description": "The remote host is affected by the vulnerability described in GLSA-201208-01\n(socat: Arbitrary code execution)\n\n A vulnerability in the 'xioscan_readline()' function in xio-readline.c\n could cause a heap-based buffer overflow.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the socat process.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 22, "published": "2012-08-15T00:00:00", "title": "GLSA-201208-01 : socat: Arbitrary code execution", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0219"], "modified": "2012-08-15T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:socat"], "id": "GENTOO_GLSA-201208-01.NASL", "href": "https://www.tenable.com/plugins/nessus/61540", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201208-01.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61540);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-0219\");\n script_bugtraq_id(53510);\n script_xref(name:\"GLSA\", value:\"201208-01\");\n\n script_name(english:\"GLSA-201208-01 : socat: Arbitrary code execution\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201208-01\n(socat: Arbitrary code execution)\n\n A vulnerability in the 'xioscan_readline()' function in xio-readline.c\n could cause a heap-based buffer overflow.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the socat process.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.dest-unreach.org/socat/contrib/socat-secadv3.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201208-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All socat users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/socat-1.7.2.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:socat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/socat\", unaffected:make_list(\"ge 1.7.2.1\"), vulnerable:make_list(\"lt 1.7.2.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"socat\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:44:58", "description": "The socat development team reports :\n\nThis vulnerability can be exploited when socat is invoked with the\nREADLINE address (this is usually only used interactively) without\noption 'prompt' and without option 'noprompt' and an attacker succeeds\nto provide malicious data to the other (arbitrary) address that is\nthen transferred by socat to the READLINE address for output.\n\nSuccessful exploitation may allow an attacker to execute arbitrary\ncode with the privileges of the socat process.", "edition": 22, "published": "2012-05-15T00:00:00", "title": "FreeBSD : socat -- Heap-based buffer overflow (6601127c-9e09-11e1-b5e0-000c299b62e1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0219"], "modified": "2012-05-15T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:socat", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_6601127C9E0911E1B5E0000C299B62E1.NASL", "href": "https://www.tenable.com/plugins/nessus/59095", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59095);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-0219\");\n\n script_name(english:\"FreeBSD : socat -- Heap-based buffer overflow (6601127c-9e09-11e1-b5e0-000c299b62e1)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The socat development team reports :\n\nThis vulnerability can be exploited when socat is invoked with the\nREADLINE address (this is usually only used interactively) without\noption 'prompt' and without option 'noprompt' and an attacker succeeds\nto provide malicious data to the other (arbitrary) address that is\nthen transferred by socat to the READLINE address for output.\n\nSuccessful exploitation may allow an attacker to execute arbitrary\ncode with the privileges of the socat process.\"\n );\n # https://vuxml.freebsd.org/freebsd/6601127c-9e09-11e1-b5e0-000c299b62e1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4df550e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:socat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"socat<1.7.2.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:10:40", "description": "Fix for CVE-2012-0219 heap-based buffer overflow\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-06-07T00:00:00", "title": "Fedora 16 : socat-1.7.2.1-1.fc16 (2012-8328)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0219"], "modified": "2012-06-07T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:16", "p-cpe:/a:fedoraproject:fedora:socat"], "id": "FEDORA_2012-8328.NASL", "href": "https://www.tenable.com/plugins/nessus/59389", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-8328.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59389);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0219\");\n script_bugtraq_id(53510);\n script_xref(name:\"FEDORA\", value:\"2012-8328\");\n\n script_name(english:\"Fedora 16 : socat-1.7.2.1-1.fc16 (2012-8328)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2012-0219 heap-based buffer overflow\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/081882.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?313564de\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected socat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:socat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"socat-1.7.2.1-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"socat\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:10:40", "description": "Fix for CVE-2012-0219 heap-based buffer overflow\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-06-04T00:00:00", "title": "Fedora 17 : socat-1.7.2.1-1.fc17 (2012-8274)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0219"], "modified": "2012-06-04T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:socat"], "id": "FEDORA_2012-8274.NASL", "href": "https://www.tenable.com/plugins/nessus/59334", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-8274.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59334);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0219\");\n script_bugtraq_id(53510);\n script_xref(name:\"FEDORA\", value:\"2012-8274\");\n\n script_name(english:\"Fedora 17 : socat-1.7.2.1-1.fc17 (2012-8274)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2012-0219 heap-based buffer overflow\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/081619.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48dd7417\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected socat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:socat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"socat-1.7.2.1-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"socat\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:25:12", "description": "This update of socat fixes a buffer overflow in READLINE output mode.", "edition": 17, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : socat (openSUSE-SU-2012:0809-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0219"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:socat-debuginfo", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:socat", "p-cpe:/a:novell:opensuse:socat-debugsource"], "id": "OPENSUSE-2012-348.NASL", "href": "https://www.tenable.com/plugins/nessus/74659", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-348.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74659);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0219\");\n\n script_name(english:\"openSUSE Security Update : socat (openSUSE-SU-2012:0809-1)\");\n script_summary(english:\"Check for the openSUSE-2012-348 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"This update of socat fixes a buffer overflow in READLINE output mode.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=759859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-07/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected socat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:socat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:socat-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:socat-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"socat-1.7.1.3-8.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"socat-debuginfo-1.7.1.3-8.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"socat-debugsource-1.7.1.3-8.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"socat\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T01:21:07", "description": "Heap-based buffer overflow in the xioscan_readline function in\nxio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through\n2.0.0-b4 allows local users to execute arbitrary code via the READLINE\naddress.", "edition": 25, "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : socat (ALAS-2012-87)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0219"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:socat-debuginfo", "p-cpe:/a:amazon:linux:socat", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-87.NASL", "href": "https://www.tenable.com/plugins/nessus/69694", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-87.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69694);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-0219\");\n script_xref(name:\"ALAS\", value:\"2012-87\");\n\n script_name(english:\"Amazon Linux AMI : socat (ALAS-2012-87)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Heap-based buffer overflow in the xioscan_readline function in\nxio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through\n2.0.0-b4 allows local users to execute arbitrary code via the READLINE\naddress.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-87.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update socat' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:socat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:socat-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"socat-1.7.2.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"socat-debuginfo-1.7.2.1-1.6.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"socat / socat-debuginfo\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:54:12", "description": "A vulnerability has been discovered and corrected in socat :\n\nUnder certain circumstances an FD leak occurs and can be misused for\ndenial of service attacks against socat running in server mode\n(CVE-2013-3571).\n\nThe updated packages have been upgraded to the latest version\n(1.7.2.2) which is not vulnerable to this issue.", "edition": 25, "published": "2013-05-30T00:00:00", "title": "Mandriva Linux Security Advisory : socat (MDVSA-2013:170)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-3571"], "modified": "2013-05-30T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:socat"], "id": "MANDRIVA_MDVSA-2013-170.NASL", "href": "https://www.tenable.com/plugins/nessus/66689", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:170. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66689);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-3571\");\n script_bugtraq_id(60170);\n script_xref(name:\"MDVSA\", value:\"2013:170\");\n\n script_name(english:\"Mandriva Linux Security Advisory : socat (MDVSA-2013:170)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in socat :\n\nUnder certain circumstances an FD leak occurs and can be misused for\ndenial of service attacks against socat running in server mode\n(CVE-2013-3571).\n\nThe updated packages have been upgraded to the latest version\n(1.7.2.2) which is not vulnerable to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.dest-unreach.org/socat/contrib/socat-secadv4.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected socat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:socat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"socat-1.7.2.2-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:11:59", "description": "Fix for CVE-2013-3571: Denial of service due to file descriptor leak\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2013-07-12T00:00:00", "title": "Fedora 18 : socat-1.7.2.2-1.fc18 (2013-9504)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-3571"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:socat"], "id": "FEDORA_2013-9504.NASL", "href": "https://www.tenable.com/plugins/nessus/67361", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-9504.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67361);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-3571\");\n script_bugtraq_id(60170);\n script_xref(name:\"FEDORA\", value:\"2013-9504\");\n\n script_name(english:\"Fedora 18 : socat-1.7.2.2-1.fc18 (2013-9504)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2013-3571: Denial of service due to file descriptor leak\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=967345\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-June/108461.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6339507f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected socat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:socat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"socat-1.7.2.2-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"socat\");\n}\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:06", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0219"], "description": "### Background\n\nsocat is a multipurpose bidirectional relay, similar to netcat.\n\n### Description\n\nA vulnerability in the \"xioscan_readline()\" function in xio-readline.c could cause a heap-based buffer overflow. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the socat process. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll socat users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/socat-1.7.2.1\"", "edition": 1, "modified": "2012-08-14T00:00:00", "published": "2012-08-14T00:00:00", "id": "GLSA-201208-01", "href": "https://security.gentoo.org/glsa/201208-01", "type": "gentoo", "title": "socat: Arbitrary code execution", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0219"], "description": "\nThe socat development team reports:\n\nThis vulnerability can be exploited when socat is invoked with the\n\t READLINE address (this is usually only used interactively) without\n\t option \"prompt\" and without option \"noprompt\" and an attacker succeeds\n\t to provide malicious data to the other (arbitrary) address that is then\n\t transferred by socat to the READLINE address for output.\nSuccessful exploitation may allow an attacker to execute arbitrary\n\t code with the privileges of the socat process.\n\n", "edition": 4, "modified": "2012-05-14T00:00:00", "published": "2012-05-14T00:00:00", "id": "6601127C-9E09-11E1-B5E0-000C299B62E1", "href": "https://vuxml.freebsd.org/freebsd/6601127c-9e09-11e1-b5e0-000c299b62e1.html", "title": "socat -- Heap-based buffer overflow", "type": "freebsd", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:37", "bulletinFamily": "unix", "cvelist": ["CVE-2013-3571"], "description": "\nGerhard Rieger reports:\n\nUnder certain circumstances an FD leak occurs and can be misused for\n\t denial of service attacks against socat running in server mode.\n\n", "edition": 4, "modified": "2013-05-26T00:00:00", "published": "2013-05-26T00:00:00", "id": "6D87C2E9-C64D-11E2-9C22-50465D9FF992", "href": "https://vuxml.freebsd.org/freebsd/6d87c2e9-c64d-11e2-9c22-50465d9ff992.html", "title": "socat -- FD leak", "type": "freebsd", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:37:07", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0219"], "description": "**Issue Overview:**\n\nHeap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address. \n\n \n**Affected Packages:** \n\n\nsocat\n\n \n**Issue Correction:** \nRun _yum update socat_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n socat-debuginfo-1.7.2.1-1.6.amzn1.i686 \n socat-1.7.2.1-1.6.amzn1.i686 \n \n src: \n socat-1.7.2.1-1.6.amzn1.src \n \n x86_64: \n socat-1.7.2.1-1.6.amzn1.x86_64 \n socat-debuginfo-1.7.2.1-1.6.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2012-06-11T10:28:00", "published": "2012-06-11T10:28:00", "id": "ALAS-2012-087", "href": "https://alas.aws.amazon.com/ALAS-2012-87.html", "title": "Medium: socat", "type": "amazon", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-10T12:37:03", "bulletinFamily": "unix", "cvelist": ["CVE-2013-3571"], "description": "**Issue Overview:**\n\nsocat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions. \n\n \n**Affected Packages:** \n\n\nsocat\n\n \n**Issue Correction:** \nRun _yum update socat_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n socat-debuginfo-1.7.2.2-1.8.amzn1.i686 \n socat-1.7.2.2-1.8.amzn1.i686 \n \n src: \n socat-1.7.2.2-1.8.amzn1.src \n \n x86_64: \n socat-1.7.2.2-1.8.amzn1.x86_64 \n socat-debuginfo-1.7.2.2-1.8.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2013-06-20T14:13:00", "published": "2013-06-20T14:13:00", "id": "ALAS-2013-202", "href": "https://alas.aws.amazon.com/ALAS-2013-202.html", "title": "Medium: socat", "type": "amazon", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}}]}