List: oss-security
Subject: Re: [oss-security] Socat security advisory 6 - Possible DoS with fork
From: cve-assign () mitre ! org
Date: 2015-01-27 18:21:21
Message-ID: Pine.LNX.4.64.1501271320180.11165 () beijing ! mitre ! org
> Socat security advisory 6 - Possible DoS with fork
>
> Overview
> socat's signal handler implementations are not async-signal-safe and
> can cause crash or freeze of socat processes
>
> Vulnerability Id: (pending)
>
> Severity: Low
>
> Details
> Socat's signal handler implementations are not async-signal-safe. When
> a signal is triggered while the process is within a non
> async-signal-safe function the signal handler will call a non
> async-signal-safe function too. POSIX specifies the behaviour in this
> situation as undefined. Depending on involved functions, libraries,
> and operating system, the process can continue, freeze, or crash.
> Mostly this issue occurs when socat is in listening mode with fork
> option and a couple of child processes terminate at the same time.
>
> Testcase
> none
>
> Affected versions
> 1.0.0.0 - 1.7.2.4
> 2.0.0-b1 - 2.0.0-b7
>
> Not affected or corrected versions
> 1.7.3.0 and later
> 2.0.0-b8 (to be released) and later
>
> Workaround
> none
>
> Download
> The updated sources can be downloaded from:
>
> http://www.dest-unreach.org/socat/download/socat-1.7.3.0.tar.gz
>
> Credits
> Credits to Peter Lobsinger
Use CVE-2015-1379.
---
CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]