socat Buffer Overflow in xioscan_readline() Lets Local Users Gain Elevated Privileges

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker Alert ID: 1027064

SecurityTracker URL: http://securitytracker.com/id/1027064

CVE Reference: CVE-2012-0219 (Links to External Site)

Date: May 16 2012

Impact: User access via local system

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 1.4.0.0 - 1.7.2.0, 2.0.0-b1 - 2.0.0-b4

Description: A vulnerability was reported in socat. A local user can obtain elevated privileges on the target system.

A local user can supply specially crafted READLINE command line data to trigger a heap overflow in xioscan_readline() and execute arbitrary code on the target system with the privileges of the socat process.

Johan Thillemann reported this vulnerability.

Impact: A local user can obtain elevated privileges on the target system.

Solution: The vendor has issued a fix (1.7.2.1, 2.0.0-b5).

The vendor's advisory is available at:

http://www.dest-unreach.org/socat/contrib/socat-secadv3.html

Vendor URL: www.dest-unreach.org/socat/ (Links to External Site)

Cause: Boundary error

Underlying OS: Linux (Any), UNIX (Any)

Message History: None.

Date: Wed, 16 May 2012 01:09:44 +0000
Subject: socat


http://www.dest-unreach.org/socat/contrib/socat-secadv3.html

CVE-2012-0219