
List:       oss-security
Subject:    Re: [oss-security] Socat security advisory 6 - Possible DoS with fork
From:       cve-assign () mitre ! org
Date:       2015-01-27 18:21:21
Message-ID: Pine.LNX.4.64.1501271320180.11165 () beijing ! mitre ! org


> Socat security advisory 6 - Possible DoS with fork
>
> Overview
>  socat's signal handler implementations are not async-signal-safe and
>  can cause crash or freeze of socat processes
>
> Vulnerability Id: (pending)
>
> Severity: Low
>
> Details
>  Socat's signal handler implementations are not async-signal-safe. When
>  a signal is triggered while the process is within a non
>  async-signal-safe function the signal handler will call a non
>  async-signal-safe function too. POSIX specifies the behaviour in this
>  situation as undefined. Depending on involved functions, libraries,
>  and operating system, the process can continue, freeze, or crash.
>  Mostly this issue occurs when socat is in listening mode with fork
>  option and a couple of child processes terminate at the same time.
>
> Testcase
>  none
>
> Affected versions
>  1.0.0.0 - 1.7.2.4
>  2.0.0-b1 - 2.0.0-b7
>
> Not affected or corrected versions
>  1.7.3.0 and later
>  2.0.0-b8 (to be released) and later
>
> Workaround
>  none
>
> Download
>  The updated sources can be downloaded from:
>
>    http://www.dest-unreach.org/socat/download/socat-1.7.3.0.tar.gz
>
> Credits
>   Credits to Peter Lobsinger

Use CVE-2015-1379.

---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
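
Added example, not part of the original message and not socat's own code: a SIGCHLD handler for a forking parent that stays async-signal-safe, the property the quoted advisory says socat's handlers lacked. The names reap_demo and on_sigchld and the child count are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t reaped; /* the type POSIX allows a handler to write */

/* Calls only waitpid(), which POSIX lists as async-signal-safe: no printf(),
 * malloc() or syslog(), and errno is restored for the interrupted code. */
static void on_sigchld(int sig)
{
    int saved_errno = errno;
    (void)sig;
    /* One SIGCHLD can stand for several exited children, so drain them all. */
    while (waitpid(-1, NULL, WNOHANG) > 0)
        reaped++;
    errno = saved_errno;
}

/* Forks n children that exit at once; returns how many were reaped, or -1. */
int reap_demo(int n)
{
    struct sigaction sa = {0};
    sigset_t block, old, waitmask;

    reaped = 0;
    sa.sa_handler = on_sigchld;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;
    if (sigaction(SIGCHLD, &sa, NULL) == -1)
        return -1;
    /* Keep SIGCHLD blocked so the handler runs only inside sigsuspend(). */
    sigemptyset(&block);
    sigaddset(&block, SIGCHLD);
    sigprocmask(SIG_BLOCK, &block, &old);
    waitmask = old;
    sigdelset(&waitmask, SIGCHLD);
    for (int i = 0; i < n; i++) {
        pid_t pid = fork();
        if (pid == 0) _exit(0);          /* child: terminate immediately */
        if (pid < 0) { n = i; break; }   /* fork failed: wait for those started */
    }
    while (reaped < n)
        sigsuspend(&waitmask);           /* atomically unblock and wait */
    sigprocmask(SIG_SETMASK, &old, NULL);
    return reaped;
}

int main(void) { return reap_demo(8) == 8 ? 0 : 1; }
```

Any logging or cleanup for the exited children belongs in the main loop after sigsuspend() returns, where non-async-signal-safe functions can be called safely.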