Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 573602 (CVE-2016-2217) - <net-misc/socat-{1.7.3.1,2.0.0_beta9}: Multiple vulnerabilities (CVE-2016-2217)
Summary: <net-misc/socat-{1.7.3.1,2.0.0_beta9}: Multiple vulnerabilities (CVE-2016-2217)
Status: RESOLVED FIXED
Alias: CVE-2016-2217
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-02-01 16:14 UTC by Jeroen Roovers (RETIRED)
Modified: 2016-12-08 13:13 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers (RETIRED) gentoo-dev 2016-02-01 16:14:35 UTC
* http://www.dest-unreach.org/socat/contrib/socat-secadv7.html

"
In the OpenSSL address implementation the hard coded 1024 bit DH p parameter was not prime. The effective cryptographic strength of a key exchange using these parameters was weaker than the one one could get by using a prime p. Moreover, since there is no indication of how these parameters were chosen, the existence of a trapdoor that makes possible for an eavesdropper to recover the shared secret from a key exchange that uses them cannot be ruled out.

A new prime modulus p parameter has been generated by Socat developer using OpenSSL dhparam command.

In addition the new parameter is 2048 bit long.
"

 * http://www.dest-unreach.org/socat/contrib/socat-secadv8.html

"
A stack overflow vulnerability was found that can be triggered when command line arguments (complete address specifications, host names, file names) are longer than 512 bytes.

Successful exploitation might allow an attacker to execute arbitrary code with the privileges of the socat process.

This vulnerability can only be exploited when an attacker is able to inject data into socat's command line.

A vulnerable scenario would be a CGI script that reads data from clients and uses (parts of) this data as hostname for a Socat invocation.
"
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2016-02-01 16:15:16 UTC
Arch teams, please test and mark stable:
=net-misc/socat-1.7.3.1
Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc sparc x86
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2016-02-02 04:52:42 UTC
Stable for HPPA.
Comment 3 Tobias Klausmann (RETIRED) gentoo-dev 2016-02-02 11:58:19 UTC
Stable on alpha.
Comment 4 Agostino Sarubbo gentoo-dev 2016-02-03 16:53:33 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2016-02-03 16:55:10 UTC
x86 stable
Comment 6 Markus Meier gentoo-dev 2016-02-14 17:21:01 UTC
arm stable
Comment 7 SpanKY gentoo-dev 2016-03-02 05:57:28 UTC
i've done the rest now
Comment 8 Thomas Deutschmann gentoo-dev 2016-11-29 20:49:10 UTC
CVE: http://seclists.org/oss-sec/2016/q1/278
     http://seclists.org/oss-sec/2016/q1/271


New GLSA created.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2016-12-08 13:13:27 UTC
This issue was resolved and addressed in
 GLSA 201612-23 at https://security.gentoo.org/glsa/201612-23
by GLSA coordinator Aaron Bauman (b-man).