Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue,  2 Feb 2016 14:37:17 -0500 (EST)
From: cve-assign@...re.org
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: Socat security advisory 8 - Stack overflow in parser

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

>   This vulnerability can only be exploited when an attacker is able to
>   inject data into socat's command line.
>   A vulnerable scenario would be a CGI script that reads data from
>   clients and uses (parts of) this data as hostname for a Socat
>   invocation.

This was sent to the oss-security list as a published advisory, not as
a CVE ID request. Is there anyone (e.g., a Linux distribution) who is
planning to re-announce this to a different audience in a way that
would make a CVE ID especially useful? Note that there will be a
CVE ID for the simultaneously released "security advisory 7."

At this point, the MITRE CVE team does not see a realistic
exploitation scenario (for security advisory 8) that would be best
categorized as a socat problem that requires a socat CVE ID. For
example, "a CGI script that reads data from clients and uses (parts
of) this data as hostname for a Socat invocation" might be better
categorized as an SSRF vulnerability in that CGI script (and
potentially site-specific unless such a CGI script already exists in
packaged code).

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWsQPRAAoJEL54rhJi8gl58g4QAJY2pF4cO5bxQA7rfwlGajZq
/ZL6f4v59/LZpe9Vpa+HTUwXGe+cRv68Zvgp37K1gWqnmazIwgCmJGIZ3BvVJ019
v/AizZt7aCOZf8X2VTK82ylQU56bcOdmXCKZ9Xb9OHukIpK918bILOPb+t2HmqCe
jOHNyzMRou9R/23qan8WQzW78JmK1D8E2DjHZbdHDkKm83j2z+CKI2H2hHkaYOy+
QHqMiJuo6PMPLObxPmF1HY8cqN+EIl2LPt0VShAr2uYjlyB3eCpY2kdfJQUSQ6FW
RxBa5bue+X0fv8IenUEtQsEcVJgS5jWwPavE7mrR8fkeyjJM+WGyilf2/iXuofBx
zasCOaH82xteaIGoXW99OmLhFjMDPCIcN6lD33xu/GtF/Xg9OBbYeMfsjb1FoLsf
w6lRyW3PyRRDTzZoeLpRhacK759eJvBBDL8JUqeJTsKOhKdnbOD47wHYrVboypbC
ZAcS8Jnl8wrTslP6iscad32J6plr8pIzoyo8iOks6oKx1BnaZTQn99MOHt7GBBN6
7Io9JMcjDcael9iDIlM7Gwv+AzAUqDZuKZ6CIPPwbVklVQYM7zTBx4Ch2+7KB8yt
5r8y5GgzFO29ryA6T+cBwFDFcAFsJf6D0t5qV39mELAi49R6Qw/GI7huLsi54W9B
0fUfuGVElnJEWu8NEth2
=FQZ0
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.