| Summary: | socat new security issue CVE-2012-0219 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, guillomovitch, sysadmin-bugs, tmb |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.dest-unreach.org/socat/contrib/socat-secadv3.html | ||
| Whiteboard: | MGA1TOO mga1-64-OK mga2-64-OK mga1-32-OK mga2-32-OK | ||
| Source RPM: | socat-1.7.1.3-2.mga1.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2012-05-20 01:32:31 CEST
David Walser
2012-05-20 01:32:42 CEST
CC:
(none) =>
guillomovitch
Manuel Hiebel
2012-05-21 12:54:44 CEST
Assignee:
bugsquad =>
boklm

Fedora has issued an update for Fedora 17 for this on May 24:
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081619.html

This is fixed in Cauldron. Updates for Mageia 1 and Mageia 2 are still needed.

Version:
1 =>
2

Patched package for Mageia 1 uploaded.

Updated package for Mageia 2 uploaded.

Advisory:
========================

Updated socat package fixes security vulnerability:

Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address (CVE-2012-0219).

Also, on Mageia 1, invalid output and a possible process crash when socat prints info about an unnamed unix domain socket has been fixed.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0219
http://www.dest-unreach.org/socat/contrib/socat-secadv3.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081619.html
http://lists.opensuse.org/opensuse-updates/2012-07/msg00001.html
https://bugzilla.novell.com/show_bug.cgi?id=668319
========================

Updated packages in core/updates_testing:
========================
socat-1.7.1.3-2.1.mga1
socat-1.7.2.1-1.mga2

from SRPMS:
socat-1.7.1.3-2.1.mga1.src.rpm
socat-1.7.2.1-1.mga2.src.rpm

CC:
(none) =>
boklm One way to test socat is to use it as a network redirector. socat tcp-listen:1111,fork tcp-connect:REMOTE_HOST:22 Will make your machine listen on port 1111, and if you connect to that, it will redirect the connection to machine REMOTE_HOST (hostname or IP address) on port 22. If the remote machine was running sshd, you could do ssh user@localhost -p 1111 to connect to this redirector and it should connect you to ssh on the remote machine. We don't appear vulnerable to this. There is a testcase on the dest-unreach.org link # perl -e 'print "\r"."A"x 513' </tmp/socat-data socat readline exec:'cat /tmp/socat-data' -bash: /tmp/socat-data: No such file or directory # touch /tmp/socat-data # perl -e 'print "\r"."A"x 513' </tmp/socat-data socat readline exec:'cat /tmp/socat-data' AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Same mga1 64 and mga2 64 Testing mga1 64 Thanks David for the test procedure In an mga1 VM I used $ socat tcp-listen:1111,fork tcp-connect:<This-IP>:22 Connecting to it from <This IP> connects back to <This IP> $ ssh -p 1111 <That IP> So it seems to work. Testing complete x86_64 mga1. I'll do the same the other way to test mga2 64. Testing complete mga2 64 Hardware:
i586 =>
All

Testing complete Mageia 1 i586.

I used

    socat tcp-listen:1111,fork tcp-connect:localhost:59386

Port 59386 has ...

    tcp 0 0 127.0.0.1:59386 0.0.0.0:* LISTEN 3233/sshd: dave

It's set up by an autossh connection from a remote system.

In ~/.ssh/config, I copied the config entry that I normally use to connect to port 59386, changed the name to test, and the port to 1111.

Using "ssh test" I get ...

    $ ssh test
    Warning: Permanently added '[localhost]:1111' (RSA) to the list of known hosts.

I'll run the same test on Mageia 2 i586 shortly.

CC:
(none) =>
davidwhodgins

Testing complete Mageia 2 i586.

Could someone from the sysadmin team push the srpm
socat-1.7.2.1-1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates and the srpm
socat-1.7.1.3-2.1.mga1.src.rpm
from Mageia 1 Core Updates Testing to Core Updates.

Advisory:

Updated socat package fixes security vulnerability:

Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address (CVE-2012-0219).

Also, on Mageia 1, invalid output and a possible process crash when socat prints info about an unnamed unix domain socket has been fixed.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0219
http://www.dest-unreach.org/socat/contrib/socat-secadv3.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081619.html
http://lists.opensuse.org/opensuse-updates/2012-07/msg00001.html
https://bugzilla.novell.com/show_bug.cgi?id=668319

https://bugs.mageia.org/show_bug.cgi?id=5986

Keywords:
(none) =>
validated_update

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0138

Status:
NEW =>
RESOLVED
Nicolas Vigier
2014-05-08 18:07:22 CEST
CC:
boklm =>
(none) |
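
The advisory above gives the affected upstream ranges (1.4.0.0 through 1.7.2.0, 2.0.0-b1 through 2.0.0-b4), but the Mageia 1 fix keeps upstream 1.7.1.3 and only bumps the release to 2.1.mga1, so a check on the upstream version alone would misreport it. The following is an added example, not part of this bug report or of socat; `ver_le` and `classify` are hypothetical helper names, and the sample package strings are the ones quoted on this page.

```shell
#!/bin/sh
# Added example: classify socat builds against the CVE-2012-0219 advisory text.
# ver_le and classify are hypothetical helper names, not part of socat or rpm.

# ver_le A B: true if dotted numeric version A <= B; status 2 if not numeric.
ver_le() {
    case $1$2 in *[!0-9.]*) return 2 ;; esac
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# classify VERSION[-RELEASE]: prints affected, patched-backport,
# not-affected or unknown.
classify() {
    nvr=$1
    # Upstream 2.0 betas named in the advisory.
    case $nvr in 2.0.0-b[1-4]|2.0.0-b[1-4]-*) echo affected; return ;; esac
    ver=${nvr%%-*} rel=
    case $nvr in *-*) rel=${nvr#*-} ;; esac
    case $ver in ''|*[!0-9.]*) echo unknown; return ;; esac
    if ver_le 1.4.0.0 "$ver" && ver_le "$ver" 1.7.2.0; then
        # Mageia 1 backport: same upstream version, fixed from release 2.1.
        case $ver-$rel in
            1.7.1.3-*.mga1)
                if ver_le 2.1 "${rel%.mga1}"; then
                    echo patched-backport; return
                fi ;;
        esac
        echo affected
    else
        echo not-affected
    fi
}

# Package strings taken from this page. On a live host the input could come
# from: rpm -q --qf '%{VERSION}-%{RELEASE}\n' socat
for p in 1.7.1.3-2.mga1 1.7.1.3-2.1.mga1 1.7.2.1-1.mga2 2.0.0-b4; do
    printf '%s\t%s\n' "$p" "$(classify "$p")"
done
```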