dest-unreach / socat / contrib / security advisory 9
Socat source packages contain a wrapper script readline.sh that uses a predictable temporary directory, allowing unprivileged users to overwrite arbitrary files belonging to the scripts caller.
readline.sh is usually neither installed in a bin directory nor is it documented. Major Linux distributions install it in examples/ or doc/; however it is invoked by test.sh script.
Socat security issue 9
CVE-2024-54661
1.6.0.0 - 1.8.0.1
2.0.0-b1 - 2.0.0-b9
1.8.0.2
Create /tmp/$USER with user $USER and mode 0755 or tighter before running readline.sh or test.sh
The updated sources can be downloaded from:
Patch to 1.8.0.1:
http://www.dest-unreach.org/socat/download/socat-1.8.0.2.patchCredits to Wolfgang Frisch from SUSE for finding and reporting this issue.