TITLE:
socat "_msg()" Logging Format String Vulnerability

SECUNIA ADVISORY ID:
SA12936

VERIFY ADVISORY:
http://secunia.com/advisories/12936/

CRITICAL:
Highly critical

IMPACT:
Privilege escalation, System access

WHERE:
From remote

SOFTWARE:
socat 1.x
http://secunia.com/product/4126/

DESCRIPTION:
CoKi has reported a vulnerability in socat, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a format string error in the function "_msg()" in "error.c". This can be exploited to execute arbitrary code when socat is used as a HTTP proxy client and connects to a malicious server.

This can also be exploited by a malicious, local user to gain escalated privileges when socat listens on a UNIX domain socket.

Successful exploitation requires that socat logs to syslog ("-ly" command line option).

SOLUTION:
Update to version 1.4.0.3.
http://www.dest-unreach.org/socat/download/

Do not log to syslog.

PROVIDED AND/OR DISCOVERED BY:
CoKi

ORIGINAL ADVISORY:
Vendor: http://www.dest-unreach.org/socat/advisory/socat-adv-1.html
CoKi: http://www.nosystem.com.ar/advisories/advisory-07.txt
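
The bug class the advisory describes, shown beside its corrected form, as an added example that is not socat's code and not part of the advisory. The names `log_sink`, `msg_flawed` and `msg_fixed` are hypothetical, and `log_sink` stands in for syslog(3) so the logged line can be inspected offline.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for syslog(3): a printf-style sink that keeps the last line so it
 * can be inspected offline. Hypothetical helper, not a socat function. */
static char last_line[256];

void log_sink(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_line, sizeof last_line, fmt, ap);
    va_end(ap);
}

/* Flawed pattern: the finished message is handed to the sink as its format
 * string, so any '%' that arrived in the data is interpreted a second time. */
const char *msg_flawed(const char *peer_data)
{
    char buf[200];
    snprintf(buf, sizeof buf, "proxy answered: %s", peer_data);
    log_sink(buf);
    return last_line;
}

/* Corrected pattern: constant format string, finished message passed as data. */
const char *msg_fixed(const char *peer_data)
{
    char buf[200];
    snprintf(buf, sizeof buf, "proxy answered: %s", peer_data);
    log_sink("%s", buf);
    return last_line;
}

int main(void)
{
    /* Constructed input. "%%" consumes no argument, so the second
     * interpretation is visible without undefined behaviour. */
    const char *peer = "HTTP/1.0 200 load=100%%";
    printf("flawed: %s\n", msg_flawed(peer));
    printf("fixed : %s\n", msg_fixed(peer));
    return 0;
}
```

The flawed path logs a line that differs from the data received, which shows the peer's bytes were parsed as a format string; the fixed path logs them unchanged. Building with `-Wformat -Wformat-security` flags this pattern at real `syslog()` and `printf()` call sites.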
vapier, you bumped this package last, could you please bump it again to 1.4.0.3. thanks!
added to cvs as stable for all arches
Ready for GLSA.
GLSA drafted. security, please review.
GLSA 200410-26