CVE-2016-2217 - Key Management Errors vulnerability in Dest-Unreach Socat 1.7.3.0/2.0.0
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | LOW |
Integrity impact | NONE |
Availability impact | NONE |
Summary
The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the Diffie-Hellman (DH) modulus, which makes it easier for remote attackers to obtain the shared secret.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201612-23.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201612-23 (socat: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in socat. Please review the references below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, or obtain confidential information. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 95639 |
published | 2016-12-08 |
reporter | This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/95639 |
title | GLSA-201612-23 : socat: Multiple vulnerabilities |
References
- http://www.dest-unreach.org/socat/contrib/socat-secadv7.html
- http://www.openwall.com/lists/oss-security/2016/02/01/4
- http://www.openwall.com/lists/oss-security/2016/02/04/1
- https://security.gentoo.org/glsa/201612-23