Detections
Analytics

FreeBSD : socat -- format string vulnerability (f3017ce1-32a4-11d9-a9e7-0001020eed82)

high Nessus Plugin ID 37101

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Socat Security Advisory 1 states :

socat up to version 1.4.0.2 contains a syslog() based format string vulnerability. This issue was originally reported by CoKi on 19 Oct.2004 http://www.nosystem.com.ar/advisories/advisory-07.txt.
Further investigation showed that this vulnerability could under some circumstances lead to local or remote execution of arbitrary code with the privileges of the socat process.

Solution

Update the affected package.

See Also

http://www.dest-unreach.org/socat/advisory/socat-adv-1.html

http://www.nessus.org/u?d93258bc

http://www.nessus.org/u?05f3bc23

Plugin Details

Severity: High

ID: 37101

File Name: freebsd_pkg_f3017ce132a411d9a9e70001020eed82.nasl

Version: 1.12

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:socat, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 11/10/2004

Vulnerability Publication Date: 10/18/2004