Vigil@nce - socat: buffer overflow via READLINE
May 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker who can send data to socat can trigger a buffer
overflow, in order to execute code.
Severity: 1/4
Creation date: 15/05/2012
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The socat command is used to interconnect data streams. For
example, a file can be "connected" to a socket.
The READLINE address type of socat uses the GNU Readline library to
edit the lines of a data stream interactively. By default, socat
remembers the last incomplete output line and passes it to readline
as the prompt. The "prompt" option supplies a fixed prompt string
instead, and the "noprompt" option disables this automatic prompt
detection.
The xioscan_readline() function scans the output stream for this
prompt. If the incomplete line is too long, and neither prompt nor
noprompt is used, the copy overflows a buffer.
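The following C program is an added illustration of the defect class described above and is not socat's source code: it is a hypothetical reconstruction of automatic prompt detection, with the trailing incomplete output line copied into a fixed-size buffer. The names (prompt_state, remember_prompt_unchecked, remember_prompt_checked, PROMPT_CAP) and the sample output strings are constructed for the example. The unchecked variant shows the missing length check; the checked variant beside it drops the prompt when the line does not fit, which is the behaviour the noprompt option gives.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical reconstruction, not socat code. Mirrors the behaviour the
 * advisory describes: the last incomplete output line (text after the final
 * '\n') is remembered and later handed to readline as the prompt, unless the
 * prompt= or noprompt option is given. */

#define PROMPT_CAP 32   /* assumed size; kept small so the overflow case is obvious */

struct prompt_state {
    char prompt[PROMPT_CAP];
    int  have_prompt;
};

/* Locate the trailing incomplete line in out[0..len). Stores its length in
 * *plen and returns a pointer to its first byte. If the output ends with a
 * newline there is no incomplete line and *plen is 0. */
static const char *last_incomplete_line(const char *out, size_t len, size_t *plen)
{
    size_t i = len;
    while (i > 0 && out[i - 1] != '\n')
        i--;
    *plen = len - i;
    return out + i;
}

/* VULNERABLE pattern: the incomplete line is copied without comparing its
 * length against the destination. Any line of PROMPT_CAP bytes or more
 * writes past st->prompt. Only ever called with a short, benign string here. */
static void remember_prompt_unchecked(struct prompt_state *st, const char *out, size_t len)
{
    size_t n;
    const char *p = last_incomplete_line(out, len, &n);
    memcpy(st->prompt, p, n);          /* no check of n against PROMPT_CAP */
    st->prompt[n] = '\0';
    st->have_prompt = (n > 0);
}

/* HARDENED: bounds the copy. Returns 1 if a prompt was stored, 0 if the
 * output ended with a newline (no prompt), and -1 if the incomplete line
 * did not fit, in which case no prompt is used at all. */
static int remember_prompt_checked(struct prompt_state *st, const char *out, size_t len)
{
    size_t n;
    const char *p = last_incomplete_line(out, len, &n);
    if (n >= sizeof st->prompt) {      /* leave room for the terminating NUL */
        st->prompt[0] = '\0';
        st->have_prompt = 0;
        return -1;
    }
    memcpy(st->prompt, p, n);
    st->prompt[n] = '\0';
    st->have_prompt = (n > 0);
    return st->have_prompt;
}

int main(void)
{
    struct prompt_state st;
    /* Constructed sample output, as a remote service might send it. */
    const char benign[] = "Welcome\nlogin: ";
    char hostile[200];                 /* one 199-byte line with no newline */
    memset(hostile, 'A', sizeof hostile - 1);
    hostile[sizeof hostile - 1] = '\0';

    remember_prompt_unchecked(&st, benign, strlen(benign));
    printf("unchecked, benign : prompt=\"%s\"\n", st.prompt);

    printf("checked, benign   : rc=%d prompt=\"%s\"\n",
           remember_prompt_checked(&st, benign, strlen(benign)), st.prompt);
    printf("checked, hostile  : rc=%d (prompt dropped)\n",
           remember_prompt_checked(&st, hostile, strlen(hostile)));
    return 0;
}
```

Feeding the 199-byte line to remember_prompt_unchecked would write about 170 bytes past the 32-byte buffer; the checked version refuses it and leaves the prompt empty, so the rest of the program keeps running with readline receiving no prompt.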
An attacker who can send data to socat can therefore trigger a
buffer overflow, in order to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/socat-buffer-overflow-via-READLINE-11628