Bug 175563 - net-im/amsn remote DoS vulnerability
Summary: net-im/amsn remote DoS vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://lists.grok.org.uk/pipermail/fu...
Whiteboard: B3 [noglsa]
Reported: 2007-04-22 13:47 UTC by Robert Buchholz (RETIRED)
Modified: 2009-01-11 19:03 UTC

Description Robert Buchholz (RETIRED) gentoo-dev 2007-04-22 13:47:51 UTC
amsn is vulnerable to a remote DoS attack that contains { } characters on its control port.

Also see the upstream mailing list about this:
http://sourceforge.net/mailarchive/forum.php?thread_name=2e8fbf7a0704220319m68e0f8d4kc8105749ec6ef85e%40mail.gmail.com&forum_name=amsn-devel
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2007-04-23 15:56:03 UTC
CC'ing maintainers

Is there a patch available? SF is too slow for me right now to check.
Comment 2 Olivier Crete (RETIRED) gentoo-dev 2007-04-23 18:16:02 UTC
fixed versions are:
0.95-r4 and 0.96-r1

Archs: please mark 0.95-r4 stable (or 0.96-r1 if you prefer)
Comment 3 Steve Dibb (RETIRED) gentoo-dev 2007-04-23 22:58:42 UTC
amd64 done, stabled both
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2007-04-24 06:31:23 UTC
x86 stable
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2007-04-24 12:53:22 UTC
Stable for HPPA.
Comment 6 Gustavo Zacarias (RETIRED) gentoo-dev 2007-04-24 15:08:13 UTC
-sparc for us, gcc3-built amsn worked but gcc4 triggers some badness inside that craps it out in the usual sparc fashion (SIGBUS - unaligned memory accesses, bad cast, bad pointer foo).
Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev 2007-04-24 17:32:27 UTC
ppc stable
Comment 8 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev 2007-04-30 14:10:47 UTC
alpha stable. Sorry about the delay, I was on holidays.
Comment 9 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-04-30 14:12:14 UTC
This one is ready for GLSA vote. I tend to vote NO.
Comment 10 Matt Drew (RETIRED) gentoo-dev 2007-05-01 11:28:15 UTC
/vote no, client DoS.
Comment 11 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-05-01 12:09:50 UTC
Changing to full NO and closing. Feel free to reopen if you disagree.