Date: Tue, 2 Feb 2016 14:37:17 -0500 (EST) From: cve-assign@...re.org To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: Socat security advisory 8 - Stack overflow in parser -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > This vulnerability can only be exploited when an attacker is able to > inject data into socat's command line. > A vulnerable scenario would be a CGI script that reads data from > clients and uses (parts of) this data as hostname for a Socat > invocation. This was sent to the oss-security list as a published advisory, not as a CVE ID request. Is there anyone (e.g., a Linux distribution) who is planning to re-announce this to a different audience in a way that would make a CVE ID especially useful? Note that there will be a CVE ID for the simultaneously released "security advisory 7." At this point, the MITRE CVE team does not see a realistic exploitation scenario (for security advisory 8) that would be best categorized as a socat problem that requires a socat CVE ID. For example, "a CGI script that reads data from clients and uses (parts of) this data as hostname for a Socat invocation" might be better categorized as an SSRF vulnerability in that CGI script (and potentially site-specific unless such a CGI script already exists in packaged code). - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWsQPRAAoJEL54rhJi8gl58g4QAJY2pF4cO5bxQA7rfwlGajZq /ZL6f4v59/LZpe9Vpa+HTUwXGe+cRv68Zvgp37K1gWqnmazIwgCmJGIZ3BvVJ019 v/AizZt7aCOZf8X2VTK82ylQU56bcOdmXCKZ9Xb9OHukIpK918bILOPb+t2HmqCe jOHNyzMRou9R/23qan8WQzW78JmK1D8E2DjHZbdHDkKm83j2z+CKI2H2hHkaYOy+ QHqMiJuo6PMPLObxPmF1HY8cqN+EIl2LPt0VShAr2uYjlyB3eCpY2kdfJQUSQ6FW RxBa5bue+X0fv8IenUEtQsEcVJgS5jWwPavE7mrR8fkeyjJM+WGyilf2/iXuofBx zasCOaH82xteaIGoXW99OmLhFjMDPCIcN6lD33xu/GtF/Xg9OBbYeMfsjb1FoLsf w6lRyW3PyRRDTzZoeLpRhacK759eJvBBDL8JUqeJTsKOhKdnbOD47wHYrVboypbC ZAcS8Jnl8wrTslP6iscad32J6plr8pIzoyo8iOks6oKx1BnaZTQn99MOHt7GBBN6 7Io9JMcjDcael9iDIlM7Gwv+AzAUqDZuKZ6CIPPwbVklVQYM7zTBx4Ch2+7KB8yt 5r8y5GgzFO29ryA6T+cBwFDFcAFsJf6D0t5qV39mELAi49R6Qw/GI7huLsi54W9B 0fUfuGVElnJEWu8NEth2 =FQZ0 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ