Vigil@nce: socat, buffer overflow of parameters
August 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When an attacker can inject long parameters on the socat command
line, he can execute code with user privileges.
– Severity: 1/4
– Creation date: 03/08/2010
DESCRIPTION OF THE VULNERABILITY
The socat program is used to create and process sockets and data
streams.
The socat/nestlex.c file contains a lexical analyzer to decode
command line parameters. However, this analyzer does not check the
size of addresses, host names or file names. When these parameters
are longer than 512 bytes, a buffer overflow thus occurs.
When an attacker can inject long parameters on the socat command
line, he can therefore execute code with user privileges.
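The following is an added illustration of the defect class described above, not code from socat or from the bulletin: a token lexer for socat-style address strings that stores into a fixed 512-byte buffer but tests the length before every write, returning an error for an oversize parameter instead of overflowing. The function names, the bracket-nesting rule and the PROTO:ADDRESS,OPTIONS split are assumptions made for the example.

```c
/* Bounded token lexer for socat-style address strings such as
 * "TCP:[::1]:8080,fork". Constructed illustration, not socat's nestlex.c. */
#include <stdio.h>
#include <string.h>

#define PARAM_MAX 512   /* fixed parameter buffer size named in the advisory */

/* Copy the next token from *cursor into out (capacity outlen), stopping at the
 * first character of stops seen at bracket-nesting depth 0. Returns the token
 * length, or -1 when it would not fit. The unchecked form of this loop is the
 * class of defect the advisory describes; here the size test precedes every store. */
int nest_lex_bounded(const char **cursor, char *out, size_t outlen, const char *stops)
{
    const char *p = *cursor;
    size_t n = 0;
    int depth = 0;
    if (outlen == 0) return -1;
    for (; *p != '\0'; p++) {
        if (depth == 0 && strchr(stops, *p) != NULL) break;
        if (*p == '[' || *p == '(') depth++;
        else if ((*p == ']' || *p == ')') && depth > 0) depth--;
        if (n + 1 >= outlen) return -1;   /* leave room for the NUL terminator */
        out[n++] = *p;
    }
    out[n] = '\0';
    *cursor = (*p != '\0') ? p + 1 : p;   /* step over the delimiter */
    return (int)n;
}

/* Split "PROTO:ADDRESS,OPTIONS" into fixed buffers; -1 if any part is too long. */
int parse_address(const char *spec, char proto[PARAM_MAX], char addr[PARAM_MAX],
                  char opts[PARAM_MAX])
{
    const char *cur = spec;
    if (nest_lex_bounded(&cur, proto, PARAM_MAX, ":") < 0) return -1;
    if (nest_lex_bounded(&cur, addr, PARAM_MAX, ",") < 0) return -1;
    return nest_lex_bounded(&cur, opts, PARAM_MAX, "") < 0 ? -1 : 0;
}

int main(void)
{
    char proto[PARAM_MAX], addr[PARAM_MAX], opts[PARAM_MAX], big[PARAM_MAX + 64];
    if (parse_address("TCP:[::1]:8080,fork", proto, addr, opts) == 0)
        printf("proto=%s addr=%s opts=%s\n", proto, addr, opts);
    memset(big, 'A', sizeof big - 1);   /* constructed 575-byte parameter */
    big[sizeof big - 1] = '\0';
    printf("oversize parameter %s\n",
           parse_address(big, proto, addr, opts) == 0 ? "accepted" : "rejected");
    return 0;
}
```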
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/socat-buffer-overflow-of-parameters-9805