Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.2
CVE Id CVE-2012-0219
Last Modified 09 May 2014 11:39:49
Published 21 Jun 2012 11:55:11
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2012-0219

Summary

Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address.

Vulnerable Systems

Application

  • Dest-unreach Socat 1.4.0.0

  • Dest-unreach Socat 1.4.0.1

  • Dest-unreach Socat 1.4.0.2

  • Dest-unreach Socat 1.4.0.3

  • Dest-unreach Socat 1.4.1.0

  • Dest-unreach Socat 1.4.2.0

  • Dest-unreach Socat 1.4.3.1

  • Dest-unreach Socat 1.5.0.0

  • Dest-unreach Socat 1.6.0.0

  • Dest-unreach Socat 1.6.0.1

  • Dest-unreach Socat 1.7.0.0

  • Dest-unreach Socat 1.7.0.1

  • Dest-unreach Socat 1.7.1.0

  • Dest-unreach Socat 1.7.1.1

  • Dest-unreach Socat 1.7.1.2

  • Dest-unreach Socat 1.7.1.3

  • Dest-unreach Socat 1.7.2.0

  • Dest-unreach Socat 2.0.0


References

SECTRACK - 1027064

OSVDB - 81969

CONFIRM - http://www.dest-unreach.org/socat/contrib/socat-secadv3.html

SECUNIA - 49105

FEDORA - FEDORA-2012-8328

FEDORA - FEDORA-2012-8274

MLIST - [oss-security] 20120514 socat security advisory

SUSE - openSUSE-SU-2012:0809

SECUNIA - 49746

BID - 53510

GENTOO - GLSA-201208-01

MANDRIVA - MDVSA-2013:169

Related Patches

Novell SUSE 2012:6407 socat security update for SLE 11 SP1 i586

Novell SUSE 2012:6407 socat security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8186 socat security update for SLE 10 SP4 i586

Novell SUSE 2012:8186 socat security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:56:34