Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.6
CVE Id CVE-2013-3571
Last Modified 09 May 2014 10:00:31
Published 08 May 2014 10:29:08
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2013-3571

Summary

socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple requests that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions.

Vulnerable Systems

Application

  • Dest-unreach Socat 1.2.0.0

  • Dest-unreach Socat 1.3.0.0

  • Dest-unreach Socat 1.3.0.1

  • Dest-unreach Socat 1.3.1.0

  • Dest-unreach Socat 1.3.2.0

  • Dest-unreach Socat 1.3.2.1

  • Dest-unreach Socat 1.3.2.2

  • Dest-unreach Socat 1.4.0.0

  • Dest-unreach Socat 1.4.0.1

  • Dest-unreach Socat 1.4.0.2

  • Dest-unreach Socat 1.4.0.3

  • Dest-unreach Socat 1.4.1.0

  • Dest-unreach Socat 1.4.2.0

  • Dest-unreach Socat 1.4.3.0

  • Dest-unreach Socat 1.4.3.1

  • Dest-unreach Socat 1.5.0.0

  • Dest-unreach Socat 1.6.0.0

  • Dest-unreach Socat 1.6.0.1

  • Dest-unreach Socat 1.7.0.0

  • Dest-unreach Socat 1.7.0.1

  • Dest-unreach Socat 1.7.1.0

  • Dest-unreach Socat 1.7.1.1

  • Dest-unreach Socat 1.7.1.2

  • Dest-unreach Socat 1.7.1.3

  • Dest-unreach Socat 1.7.2.0

  • Dest-unreach Socat 1.7.2.1

  • Dest-unreach Socat 2.0.0


References

MLIST - [oss-security] 20130526 socat security advisory 4 - CVE-2013-3571

MANDRIVA - MDVSA-2013:169

CONFIRM - http://www.dest-unreach.org/socat/contrib/socat-secadv4.html


Last Updated: 27 May 2016 11:05:12