{"cve": [{"lastseen": "2016-09-03T14:10:00", "bulletinFamily": "NVD", "description": "Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments.", "modified": "2010-09-15T00:00:00", "published": "2010-09-14T17:00:01", "id": "CVE-2010-2799", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2799", "title": "CVE-2010-2799", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "f5": [{"lastseen": "2017-06-08T00:16:34", "bulletinFamily": "software", "description": "\nF5 Product Development tracked this vulnerability as ID 437285 (BIG-IP), ID 442612 (Enterprise Manager), and ID 442611 (BIG-IQ), and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H446709 on the **Diagnostics** > **Identified** > **Medium** screen.\n\nTo find out whether F5 has determined that your release is vulnerable, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.5.4| 12.0.0 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16 \n10.0.0 - 10.2.4| bash CLI \nBIG-IP AAM| 11.4.0 - 11.5.4| 12.0.0 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10| bash CLI \nBIG-IP AFM| 11.3.0 - 11.5.4| 12.0.0 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10| bash CLI \nBIG-IP Analytics| 11.0.0 - 11.5.4| 12.0.0 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16| bash CLI \nBIG-IP APM| 11.0.0 - 11.5.4| 12.0.0 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16 \n10.1.0 - 10.2.4| bash CLI \nBIG-IP ASM| 11.0.0 - 11.5.4| 
12.0.0 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16 \n10.0.0 - 10.2.4| bash CLI \nBIG-IP DNS| None| 12.0.0| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0| 11.2.1 HF16 \n10.1.0 - 10.2.4| bash CLI \nBIG-IP GTM| 11.0.0 - 11.5.4| 11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16 \n10.0.0 - 10.2.4| bash CLI \nBIG-IP Link Controller| 11.0.0 - 11.5.4| 12.0.0 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16 \n10.0.0 - 10.2.4| bash CLI \nBIG-IP PEM| 11.3.0 - 11.5.4| 12.0.0 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10| bash CLI \nBIG-IP PSM| 11.0.0 - 11.4.1| 11.4.1 HF10 \n11.2.1 HF16 \n10.0.0 - 10.2.4| bash CLI \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0| 11.2.1 HF16 \n10.0.0 - 10.2.4| bash CLI \nBIG-IP WOM| 11.0.0 - 11.3.0| 11.2.1 HF16 \n10.0.0 - 10.2.4| bash CLI \nARX| None| 6.0.0 - 6.4.0 \n5.0.0 - 5.3.1| None \nEnterprise Manager| 3.0.0 - 3.1.1| 2.0.0 - 2.3.0| bash CLI \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| bash CLI \nBIG-IQ Security| 4.0.0 - 4.5.0| None| bash CLI \nBIG-IQ Device| 4.2.0 - 4.5.0| None| bash CLI \nBIG-IQ Centralized Management| 4.6.0| 5.0.0 - 5.1.0| bash CLI \nBIG-IQ Cloud and Orchestration| None| 1.0.0| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-03-10T00:56:00", "published": "2014-01-17T01:52:00", "href": "https://support.f5.com/csp/article/K14919", "id": "F5:K14919", "title": "Socat vulnerabilities CVE-2010-2799, CVE-2012-0219, and CVE-2013-3571", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-25T17:24:55", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-10-25T00:00:00", "published": "2014-01-16T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14919.html", "id": "SOL14919", "title": "SOL14919 - Socat vulnerabilities CVE-2010-2799, CVE-2012-0219, and CVE-2013-3571", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-01-18T11:05:17", "bulletinFamily": "scanner", "description": "Check for the Version of socat", "modified": "2018-01-17T00:00:00", "published": "2010-09-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831155", "id": "OPENVAS:1361412562310831155", "title": "Mandriva Update for socat MDVSA-2010:183 (socat)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for socat MDVSA-2010:183 (socat)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in socat:\n\n Stack-based buffer overflow in the nestlex function in nestlex.c\n in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3,\n when bidirectional data relay is enabled, allows context-dependent\n attackers to execute arbitrary code via long command-line arguments\n (CVE-2010-2799).\n\n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"socat on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-09/msg00019.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831155\");\n script_version(\"$Revision: 8447 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:12:19 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-22 08:32:53 +0200 (Wed, 22 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:183\");\n script_cve_id(\"CVE-2010-2799\");\n script_name(\"Mandriva Update for socat MDVSA-2010:183 (socat)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of socat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"socat\", rpm:\"socat~1.6.0.0~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:04:30", "bulletinFamily": "scanner", "description": "The remote host is missing an update to socat\nannounced via advisory DSA 2090-1.", "modified": "2018-01-17T00:00:00", "published": "2010-08-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067844", "id": "OPENVAS:136141256231067844", "type": "openvas", "title": "Debian Security Advisory DSA 2090-1 (socat)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2090_1.nasl 8440 2018-01-17 07:58:46Z teissa $\n# Description: Auto-generated from advisory DSA 2090-1 (socat)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A stack overflow vulnerability was found in socat that allows an\nattacker to execute arbitrary code with the privileges of the socat\nprocess.\n\nThis vulnerability can only be exploited when an attacker is able to\ninject more than 512 bytes of data into socat's argument.\n\nA vulnerable scenario would be a CGI script that reads data from\nclients and uses (parts of) this data as argument for a socat\ninvocation.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.6.0.1-1+lenny1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.7.1.3-1.\n\nWe recommend that you upgrade your socat package.\";\ntag_summary = \"The remote host is missing an update to socat\nannounced via advisory DSA 2090-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202090-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67844\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n 
script_tag(name:\"creation_date\", value:\"2010-08-21 08:54:16 +0200 (Sat, 21 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2799\");\n script_name(\"Debian Security Advisory DSA 2090-1 (socat)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"socat\", ver:\"1.6.0.1-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:42", "bulletinFamily": "scanner", "description": "Check for the Version of socat", "modified": "2017-12-14T00:00:00", "published": "2010-09-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862361", "id": "OPENVAS:862361", "title": "Fedora Update for socat FEDORA-2010-13403", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for socat FEDORA-2010-13403\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"socat on Fedora 12\";\ntag_insight = \"Socat is a relay for bidirectional data transfer between two independent data\n channels. Each of these data channels may be a file, pipe, device (serial line\n etc. 
or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an\n SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU\n line editor (readline), a program, or a combination of two of these.\n The compat-readline5 library is used to avoid GPLv2 vs GPLv3 issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046681.html\");\n script_id(862361);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-07 07:38:40 +0200 (Tue, 07 Sep 2010)\");\n script_xref(name: \"FEDORA\", value: \"2010-13403\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2799\");\n script_name(\"Fedora Update for socat FEDORA-2010-13403\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of socat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"socat\", rpm:\"socat~1.7.1.3~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:33:19", "bulletinFamily": "scanner", "description": "Check for the Version of socat", "modified": "2017-12-20T00:00:00", "published": "2010-09-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831155", "id": "OPENVAS:831155", "title": "Mandriva Update for socat MDVSA-2010:183 (socat)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for socat MDVSA-2010:183 (socat)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in socat:\n\n Stack-based buffer overflow in the nestlex function in nestlex.c\n in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3,\n when bidirectional data relay is enabled, allows context-dependent\n attackers to execute arbitrary code via long command-line arguments\n (CVE-2010-2799).\n\n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"socat on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-09/msg00019.php\");\n script_id(831155);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-22 08:32:53 +0200 (Wed, 22 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:183\");\n script_cve_id(\"CVE-2010-2799\");\n script_name(\"Mandriva Update for socat MDVSA-2010:183 (socat)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of socat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"socat\", rpm:\"socat~1.6.0.0~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:32", "bulletinFamily": "scanner", "description": "Check for the Version of socat", "modified": "2017-07-10T00:00:00", "published": "2011-03-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862880", "id": "OPENVAS:862880", "title": "Fedora Update for socat FEDORA-2011-0098", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for socat FEDORA-2011-0098\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"socat on Fedora 14\";\ntag_insight = \"Socat is a relay for bidirectional data transfer between two independent data\n channels. Each of these data channels may be a file, pipe, device (serial line\n etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an\n SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU\n line editor (readline), a program, or a combination of two of these.\n The compat-readline5 library is used to avoid GPLv2 vs GPLv3 issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055132.html\");\n script_id(862880);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-08 14:34:13 +0100 (Tue, 08 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-0098\");\n script_cve_id(\"CVE-2010-2799\");\n script_name(\"Fedora Update for socat FEDORA-2011-0098\");\n\n script_summary(\"Check for the Version of socat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n 
script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"socat\", rpm:\"socat~1.7.1.3~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:29", "bulletinFamily": "scanner", "description": "Check for the Version of socat", "modified": "2017-12-29T00:00:00", "published": "2010-09-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862361", "id": "OPENVAS:1361412562310862361", "title": "Fedora Update for socat FEDORA-2010-13403", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for socat FEDORA-2010-13403\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"socat on Fedora 12\";\ntag_insight = \"Socat is a relay for bidirectional data transfer between two independent data\n channels. Each of these data channels may be a file, pipe, device (serial line\n etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an\n SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU\n line editor (readline), a program, or a combination of two of these.\n The compat-readline5 library is used to avoid GPLv2 vs GPLv3 issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046681.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862361\");\n script_version(\"$Revision: 8258 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 08:28:57 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-07 07:38:40 +0200 (Tue, 07 Sep 2010)\");\n script_xref(name: \"FEDORA\", value: \"2010-13403\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2799\");\n script_name(\"Fedora Update for socat FEDORA-2010-13403\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of socat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"socat\", rpm:\"socat~1.7.1.3~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-08T12:54:05", "bulletinFamily": "scanner", "description": "Check for the Version of socat", "modified": "2018-01-05T00:00:00", "published": "2010-09-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862368", "id": "OPENVAS:1361412562310862368", "title": "Fedora Update for socat FEDORA-2010-13412", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for socat FEDORA-2010-13412\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"socat on Fedora 13\";\ntag_insight = \"Socat is a relay for bidirectional data transfer between two independent data\n channels. Each of these data channels may be a file, pipe, device (serial line\n etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an\n SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU\n line editor (readline), a program, or a combination of two of these.\n The compat-readline5 library is used to avoid GPLv2 vs GPLv3 issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046686.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862368\");\n script_version(\"$Revision: 8296 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 08:28:01 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-07 07:38:40 +0200 (Tue, 07 Sep 2010)\");\n script_xref(name: \"FEDORA\", value: \"2010-13412\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2799\");\n script_name(\"Fedora Update for socat FEDORA-2010-13412\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of socat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"socat\", rpm:\"socat~1.7.1.3~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:03:06", "bulletinFamily": "scanner", "description": "Check for the Version of socat", "modified": "2018-04-06T00:00:00", "published": "2011-03-08T00:00:00", "id": "OPENVAS:1361412562310862880", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862880", "title": "Fedora Update for socat FEDORA-2011-0098", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for socat FEDORA-2011-0098\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"socat on Fedora 14\";\ntag_insight = \"Socat is a relay for bidirectional data transfer between two independent data\n channels. Each of these data channels may be a file, pipe, device (serial line\n etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an\n SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU\n line editor (readline), a program, or a combination of two of these.\n The compat-readline5 library is used to avoid GPLv2 vs GPLv3 issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055132.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862880\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-08 14:34:13 +0100 (Tue, 08 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-0098\");\n script_cve_id(\"CVE-2010-2799\");\n script_name(\"Fedora Update for socat FEDORA-2011-0098\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of socat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"socat\", rpm:\"socat~1.7.1.3~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:02", "bulletinFamily": "scanner", "description": "The remote host is missing an update to socat\nannounced via advisory DSA 2090-1.", "modified": "2017-07-07T00:00:00", "published": "2010-08-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=67844", "id": "OPENVAS:67844", "title": "Debian Security Advisory DSA 2090-1 (socat)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2090_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2090-1 (socat)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A stack overflow vulnerability was found in socat that allows an\nattacker to execute arbitrary code with the privileges of the socat\nprocess.\n\nThis vulnerability can only be exploited when an attacker is able to\ninject more than 512 bytes of data into socat's argument.\n\nA vulnerable scenario would be a CGI script that reads data from\nclients and uses (parts of) this data as argument for a socat\ninvocation.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.6.0.1-1+lenny1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.7.1.3-1.\n\nWe recommend that you upgrade your socat package.\";\ntag_summary = \"The remote host is missing an update to socat\nannounced via advisory DSA 2090-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202090-1\";\n\n\nif(description)\n{\n script_id(67844);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n 
script_tag(name:\"creation_date\", value:\"2010-08-21 08:54:16 +0200 (Sat, 21 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2799\");\n script_name(\"Debian Security Advisory DSA 2090-1 (socat)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"socat\", ver:\"1.6.0.1-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-18T10:58:08", "bulletinFamily": "scanner", "description": "Check for the Version of socat", "modified": "2017-12-18T00:00:00", "published": "2010-09-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862368", "id": "OPENVAS:862368", "title": "Fedora Update for socat FEDORA-2010-13412", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for socat FEDORA-2010-13412\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"socat on Fedora 13\";\ntag_insight = \"Socat is a relay for bidirectional data transfer between two independent data\n channels. Each of these data channels may be a file, pipe, device (serial line\n etc. 
or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an\n SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU\n line editor (readline), a program, or a combination of two of these.\n The compat-readline5 library is used to avoid GPLv2 vs GPLv3 issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046686.html\");\n script_id(862368);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-07 07:38:40 +0200 (Tue, 07 Sep 2010)\");\n script_xref(name: \"FEDORA\", value: \"2010-13412\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2799\");\n script_name(\"Fedora Update for socat FEDORA-2010-13412\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of socat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"socat\", rpm:\"socat~1.7.1.3~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-01-16T20:11:50", "bulletinFamily": "scanner", "description": "- Upgrade to 1.7.1.3\n\n - Includes fix for CVE-2010-2799 Stack overflow by\n lexical scanning of nested character patterns\n\n - Resolves\n https://bugzilla.redhat.com/show_bug.cgi?id=620430\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2016-05-11T00:00:00", "published": "2011-03-07T00:00:00", "id": "FEDORA_2011-0098.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=52552", "title": "Fedora 14 : socat-1.7.1.3-1.fc14 (2011-0098)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-0098.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52552);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2016/05/11 13:24:19 $\");\n\n script_cve_id(\"CVE-2010-2799\");\n script_bugtraq_id(42112);\n script_xref(name:\"FEDORA\", value:\"2011-0098\");\n\n script_name(english:\"Fedora 14 : socat-1.7.1.3-1.fc14 (2011-0098)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Upgrade to 1.7.1.3\n\n - Includes fix for CVE-2010-2799 Stack overflow by\n lexical scanning of nested character patterns\n\n - Resolves\n https://bugzilla.redhat.com/show_bug.cgi?id=620430\n\nNote that Tenable Network Security has 
extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=620426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=620430\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-March/055132.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e355d478\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected socat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:socat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"socat-1.7.1.3-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"socat\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:11:00", "bulletinFamily": "scanner", "description": "This resolves CVE-2010-2799 Socat: Stack overflow by lexical scanning\nof nested character patterns\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-20T00:00:00", "published": "2010-09-01T00:00:00", "id": "FEDORA_2010-13403.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=49059", "title": "Fedora 12 : socat-1.7.1.3-1.fc12 (2010-13403)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-13403.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49059);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/20 21:05:31 $\");\n\n script_cve_id(\"CVE-2010-2799\");\n script_xref(name:\"FEDORA\", value:\"2010-13403\");\n\n script_name(english:\"Fedora 12 : socat-1.7.1.3-1.fc12 (2010-13403)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This resolves CVE-2010-2799 Socat: Stack overflow by lexical scanning\nof nested character patterns\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=620426\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/046681.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb9a2971\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected socat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:socat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"socat-1.7.1.3-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"socat\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:10:56", "bulletinFamily": "scanner", "description": "A stack overflow vulnerability was found in socat that allows an\nattacker to execute arbitrary code with the privileges of the socat\nprocess.\n\nThis vulnerability can only be exploited when an attacker is able to\ninject more than 512 bytes of data into socat's argument.\n\nA vulnerable scenario would be a CGI script that reads data from\nclients and uses (parts of) this data as argument for a socat\ninvocation.", "modified": "2018-11-10T00:00:00", "published": "2010-08-09T00:00:00", "id": "DEBIAN_DSA-2090.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=48270", "title": "Debian DSA-2090-1 : socat - incorrect user-input validation", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2090. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48270);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:34\");\n\n script_cve_id(\"CVE-2010-2799\");\n script_xref(name:\"DSA\", value:\"2090\");\n\n script_name(english:\"Debian DSA-2090-1 : socat - incorrect user-input validation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A stack overflow vulnerability was found in socat that allows an\nattacker to execute arbitrary code with the privileges of the socat\nprocess.\n\nThis vulnerability can only be exploited when an attacker is able to\ninject more than 512 bytes of data into socat's argument.\n\nA vulnerable scenario would be a CGI script that reads data from\nclients and uses (parts of) this data as argument for a socat\ninvocation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2090\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the socat package.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.6.0.1-1+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:socat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2010/08/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"socat\", reference:\"1.6.0.1-1+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:11:00", "bulletinFamily": "scanner", "description": "This resolves CVE-2010-2799 Socat: Stack overflow by lexical scanning\nof nested character patterns\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2016-05-11T00:00:00", "published": "2010-09-01T00:00:00", "id": "FEDORA_2010-13412.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=49060", "title": "Fedora 13 : socat-1.7.1.3-1.fc13 (2010-13412)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-13412.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49060);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2016/05/11 13:16:08 $\");\n\n script_cve_id(\"CVE-2010-2799\");\n script_bugtraq_id(42112);\n script_xref(name:\"FEDORA\", value:\"2010-13412\");\n\n script_name(english:\"Fedora 13 : socat-1.7.1.3-1.fc13 (2010-13412)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This resolves CVE-2010-2799 Socat: Stack overflow by lexical scanning\nof nested character patterns\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=620426\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/046686.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?563e1bbb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected socat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:socat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"socat-1.7.1.3-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"socat\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:14:02", "bulletinFamily": "scanner", "description": "This update fixes two small security issues in socat :\n\n - Fixed a stack overflow in commandline parsing\n (bnc#627475 / CVE-2010-2799) Only exploitable if an\n attacker can control the commandline parameters.\n\n - Fixed heap overflow in READLINE output mode. 
(bnc#759859\n / CVE-2012-0219)", "modified": "2012-07-03T00:00:00", "published": "2012-07-03T00:00:00", "id": "SUSE_SOCAT-8186.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59830", "title": "SuSE 10 Security Update : socat (ZYPP Patch Number 8186)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59830);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2012/07/03 12:55:10 $\");\n\n script_cve_id(\"CVE-2010-2799\", \"CVE-2012-0219\");\n\n script_name(english:\"SuSE 10 Security Update : socat (ZYPP Patch Number 8186)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes two small security issues in socat :\n\n - Fixed a stack overflow in commandline parsing\n (bnc#627475 / CVE-2010-2799) Only exploitable if an\n attacker can control the commandline parameters.\n\n - Fixed heap overflow in READLINE output mode. 
(bnc#759859\n / CVE-2012-0219)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2799.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0219.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8186.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"socat-1.7.0.0-1.10.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"socat-1.7.0.0-1.10.1\")) flag++;\n\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:15:33", "bulletinFamily": "scanner", "description": "This update fixes two small security issues in socat :\n\n - Fixed a stack overflow in commandline parsing\n (bnc#627475 / CVE-2010-2799) Only exploitable if an\n attacker can control the commandline parameters.\n\n - Fixed heap overflow in READLINE output mode (bnc#759859\n / CVE-2012-0219)", "modified": "2013-10-25T00:00:00", "published": "2013-01-25T00:00:00", "id": "SUSE_11_SOCAT-120611.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64225", "title": "SuSE 11.1 Security Update : socat (SAT Patch Number 6407)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64225);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:56:04 $\");\n\n script_cve_id(\"CVE-2010-2799\", \"CVE-2012-0219\");\n\n script_name(english:\"SuSE 11.1 Security Update : socat (SAT Patch Number 6407)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes two small security issues in socat :\n\n - Fixed a stack overflow in commandline parsing\n (bnc#627475 / CVE-2010-2799) Only exploitable if an\n attacker can control the commandline parameters.\n\n - Fixed heap overflow in READLINE output mode (bnc#759859\n / CVE-2012-0219)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=627475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=759859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2799.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0219.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6407.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:socat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"socat-1.7.0.0-1.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"socat-1.7.0.0-1.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"socat-1.7.0.0-1.16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:50", "bulletinFamily": "scanner", "description": "CVE-2010-2799 Stack-based buffer overflow in the nestlex function in\nnestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through\n2.0.0-b3, when bidirectional data relay is enabled, 
allows\ncontext-dependent attackers to execute arbitrary code via long\ncommand-line arguments.\n\nCVE-2012-0219 Heap-based buffer overflow in the xioscan_readline\nfunction in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and\n2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code\nvia the READLINE address.\n\nCVE-2013-3571 socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before\n2.0.0-b6, when used for a listen type address and the fork option is\nenabled, allows remote attackers to cause a denial of service (file\ndescriptor consumption) via multiple request that are refused based on\nthe (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap\nrestrictions.", "modified": "2019-01-04T00:00:00", "published": "2014-10-10T00:00:00", "id": "F5_BIGIP_SOL14919.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78159", "title": "F5 Networks BIG-IP : Socat vulnerabilities (K14919)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K14919.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78159);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2010-2799\", \"CVE-2012-0219\", \"CVE-2013-3571\");\n script_bugtraq_id(42112, 53510, 60170);\n\n script_name(english:\"F5 Networks BIG-IP : Socat vulnerabilities (K14919)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2010-2799 Stack-based buffer overflow in the nestlex function in\nnestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through\n2.0.0-b3, when bidirectional data relay is enabled, allows\ncontext-dependent 
attackers to execute arbitrary code via long\ncommand-line arguments.\n\nCVE-2012-0219 Heap-based buffer overflow in the xioscan_readline\nfunction in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and\n2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code\nvia the READLINE address.\n\nCVE-2013-3571 socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before\n2.0.0-b6, when used for a listen type address and the fork option is\nenabled, allows remote attackers to cause a denial of service (file\ndescriptor consumption) via multiple request that are refused based on\nthe (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap\nrestrictions.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K14919\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K14919.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K14919\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.3.0-11.5.4\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.4.0-11.5.4\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.5.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\",\"11.2.1HF16\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.5.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\",\"11.2.1HF16\",\"10.0.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.5.4\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\",\"11.2.1HF16\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.5.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\",\"11.2.1HF16\",\"10.0.0-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.5.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\",\"11.2.1HF16\",\"10.0.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.0.0-11.5.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\",\"11.2.1HF16\",\"10.0.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = 
make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.3.0-11.5.4\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.0.0-11.4.1\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.4.1HF10\",\"11.2.1HF16\",\"10.0.0-10.2.4\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.2.1HF16\",\"10.0.0-10.2.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.2.1HF16\",\"10.0.0-10.2.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:13:13", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2090-1 security@debian.org\nhttp://www.debian.org/security/ Luciano Bello\nAugust 06, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : socat\nVulnerability : incorrect user-input validation\nProblem type : remote\nDebian-specific: no\nDebian bug : 591443\nCVE ID : CVE-2010-2799\n\nA stack overflow vulnerability was found in socat that allows an \nattacker to execute arbitrary code with the privileges of the 
socat\nprocess.\n\nThis vulnerability can only be exploited when an attacker is able to \ninject more than 512 bytes of data into socat's argument.\n\nA vulnerable scenario would be a CGI script that reads data from \nclients and uses (parts of) this data as argument for a socat \ninvocation.\n\nFor the stable distribution (lenny), this problem has been fixed in \nversion 1.6.0.1-1+lenny1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.7.1.3-1.\n\nWe recommend that you upgrade your socat package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- 
---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2010-08-06T21:09:55", "published": "2010-08-06T21:09:55", "id": "DEBIAN:DSA-2090-1:0F554", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00135.html", "title": "[SECURITY] [DSA 2090-1] New socat packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:36", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2090-1 security@debian.org\r\nhttp://www.debian.org/security/ Luciano Bello\r\nAugust 06, 2010 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : socat\r\nVulnerability : incorrect user-input validation\r\nProblem type : remote\r\nDebian-specific: no\r\nDebian bug : 591443\r\nCVE ID : CVE-2010-2799\r\n\r\nA stack overflow vulnerability was found in socat that allows an \r\nattacker to execute arbitrary code with the privileges of the socat\r\nprocess.\r\n\r\nThis vulnerability can only be exploited when an attacker is able to \r\ninject more than 512 bytes of data into socat's argument.\r\n\r\nA vulnerable scenario would be a CGI script that reads data from \r\nclients and uses (parts of) this data as argument for a socat \r\ninvocation.\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in \r\nversion 1.6.0.1-1+lenny1.\r\n\r\nFor the unstable 
distribution (sid), this problem has been fixed in\r\nversion 1.7.1.3-1.\r\n\r\nWe recommend that you upgrade your socat package.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390\r\nand sparc.\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates 
main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAkxceXkACgkQXm3vHE4uylq/MQCgstyFJ3YQP83rAs/kqOV5sKto\r\n8JQAoKu2HWn8NXXUxrQ3Kegcqiu/iUTH\r\n=InRY\r\n-----END PGP SIGNATURE-----", "modified": "2010-08-09T00:00:00", "published": "2010-08-09T00:00:00", "id": "SECURITYVULNS:DOC:24435", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24435", "title": "[SECURITY] [DSA 2090-1] New socat packages fix arbitrary code execution", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}