VULNERABILITIES / FIXES - May 15, 2012
by Carol~ - 5/15/12 10:18 AM
socat "xioscan_readline()" Buffer Overflow Vulnerability
Release Date : 2012-05-15
Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch
Software: socat 1.x
A vulnerability has been reported in socat, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by an error within the "xioscan_readline()" function (xio-readline.c) when parsing data received via the READLINE address and can be exploited to cause a heap-based buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions prior to 1.7.2.1.
Update to version 1.7.2.1.
Provided and/or discovered by:
The vendor credits Johan Thillemann.
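To illustrate the bug class the advisory names (a line scanner writing received bytes into a fixed-size heap buffer without a bounds check) here is an added example in C. It is hypothetical code written for this post, not socat's xio-readline.c, and it does not reproduce the actual defect; the buffer size, function names and inputs are all assumptions. The vulnerable shape is shown next to a hardened one that rejects over-long lines instead of overflowing.

```c
/* Added illustration of a heap-based line-buffer overflow (hypothetical code,
 * not socat's xioscan_readline()). Both scanners copy bytes from a peer into
 * a malloc'd buffer until they see '\n'; only the second one checks capacity. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LINEBUF 64   /* fixed capacity of the heap line buffer (assumption) */

/* Vulnerable shape: the write index n is never compared to LINEBUF, so a
 * line longer than LINEBUF-1 bytes writes past the end of the heap block.
 * Returns the number of bytes copied, or -1 on allocation failure. */
long scan_line_vuln(const char *in, size_t inlen, char **out)
{
    char *buf = malloc(LINEBUF);
    if (!buf) return -1;
    size_t n = 0;
    for (size_t i = 0; i < inlen; i++) {
        buf[n++] = in[i];        /* heap overflow once n reaches LINEBUF */
        if (in[i] == '\n') break;
    }
    buf[n] = '\0';               /* terminator can also land past the block */
    *out = buf;
    return (long)n;
}

/* Hardened shape: every write is bounded by the remaining capacity (keeping
 * one byte for the terminator) and an over-long line is reported as an
 * error rather than silently truncated. Returns bytes copied, or -1. */
long scan_line_safe(const char *in, size_t inlen, char **out)
{
    char *buf = malloc(LINEBUF);
    if (!buf) return -1;
    size_t n = 0;
    for (size_t i = 0; i < inlen; i++) {
        if (n + 1 >= LINEBUF) {  /* no room for this byte plus '\0' */
            free(buf);
            *out = NULL;
            return -1;
        }
        buf[n++] = in[i];
        if (in[i] == '\n') break;
    }
    buf[n] = '\0';
    *out = buf;
    return (long)n;
}

/* Convenience wrapper: run one scanner, release its buffer, return its result. */
long try_scan(const char *in, size_t inlen, int use_safe)
{
    char *line = NULL;
    long r = use_safe ? scan_line_safe(in, inlen, &line)
                      : scan_line_vuln(in, inlen, &line);
    free(line);
    return r;
}

int main(void)
{
    /* Constructed inputs: a benign short line and an attacker-length line. */
    const char *benign = "user\n";
    char hostile[4 * LINEBUF];
    memset(hostile, 'A', sizeof hostile);

    printf("safe, benign : %ld\n", try_scan(benign, strlen(benign), 1));
    printf("safe, hostile: %ld\n", try_scan(hostile, sizeof hostile, 1));
    /* Only the safe scanner is fed the hostile line: the vulnerable one
     * would corrupt the heap here, which is exactly the advisory's point. */
    printf("vuln, benign : %ld\n", try_scan(benign, strlen(benign), 0));
    return 0;
}
```

The hardened version deliberately fails closed (returns -1 and frees the buffer) instead of truncating, because a scanner that silently drops bytes can desynchronise the caller's view of the stream; whichever policy is chosen, the check belongs before the write, not after it.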