FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

socat -- format string vulnerability

Affected packages
socat < 1.4.0.3

Details

VuXML ID f3017ce1-32a4-11d9-a9e7-0001020eed82
Discovery 2004-10-18
Entry 2004-11-10

Socat Security Advisory 1 states:

socat up to version 1.4.0.2 contains a syslog() based format string vulnerability. This issue was originally reported by CoKi on 19 Oct. 2004 http://www.nosystem.com.ar/advisories/advisory-07.txt. Further investigation showed that this vulnerability could under some circumstances lead to local or remote execution of arbitrary code with the privileges of the socat process.

References

URL http://www.dest-unreach.org/socat/advisory/socat-adv-1.html
URL http://www.nosystem.com.ar/advisories/advisory-07.txt