Bug 409159 (CVE-2012-1836) - <net-irc/inspircd-2.0.5-r1 : DNS Response Processing Buffer Overflow Vulnerability (CVE-2012-1836)
Status: RESOLVED FIXED
Alias: CVE-2012-1836
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://secunia.com/advisories/48474/
Whiteboard: B1 [glsa]
Reported: 2012-03-21 11:46 UTC by Agostino Sarubbo
Modified: 2012-04-10 11:24 UTC (History)
Description Agostino Sarubbo gentoo-dev 2012-03-21 11:46:27 UTC
From Secunia security advisory at $URL:

Description
A vulnerability has been reported in InspIRCd, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error within dns.cpp when handling DNS responses and can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 2.0.5. Other versions may also be affected.


Solution
As a workaround, update the configuration file to set "<performance:nouserdns>" to "yes".


@maintainer:

Is a gentoo configuration vulnerable?
Comment 1 Chema Alonso Josa (RETIRED) gentoo-dev 2012-03-21 21:26:17 UTC
I guess our configuration is vulnerable since it defines <performance:nouserdns> to "no".
The inspircd website has been down for more than a week. I tried to contact them some months ago wrt the update of the current gentoo version shown in their webpage but I got no response.
I'll bump the current version to apply the workaround proposed and some pending minor changes.
Removing Dane Smith (c1pher) from CC, he was my proxy.
Thanks for the heads up.
Comment 2 Agostino Sarubbo gentoo-dev 2012-03-22 07:42:25 UTC
(In reply to comment #1)
> Removing Dane Smith (c1pher) from CC, he was my proxy.

Please also remove it from metadata.xml
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2012-03-22 16:34:35 UTC
CVE-2012-1836 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1836):
  Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow remote
  attackers to execute arbitrary code via a crafted DNS query that uses
  compression.
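The Secunia text in the description and the NVD summary in comment 3 both point at the same parsing step: following label-compression pointers in a DNS response (RFC 1035 section 4.1.4) while copying labels into a fixed-size buffer. The decoder below is an added illustration of what a bounds-checked version of that step looks like; it is not InspIRCd's dns.cpp and has no relation to the upstream fix. The function names, the constructed sample message and the expected values are all assumptions made for this example.

```c
/* Bounds-checked decoder for compressed DNS names (RFC 1035 section 4.1.4).
 * Illustrative hardened parser added for this page; not InspIRCd's dns.cpp.
 * Every length byte, label byte and pointer target is validated against the
 * message length before it is read, the output buffer is checked before each
 * copy, and pointers may only point backwards, so a crafted response cannot
 * drive reads or writes past either buffer or loop the parser forever. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Decode the name starting at msg[off] into out (dotted form, NUL-terminated).
 * Returns the decoded length, or -1 if the name is malformed or does not fit.
 * *end_off receives the offset of the first byte after the name in the
 * original (un-jumped) stream, which is where the caller continues parsing. */
int dns_decode_name(const uint8_t *msg, size_t msglen, size_t off,
                    char *out, size_t outsz, size_t *end_off)
{
    size_t pos = off, outlen = 0, after = 0;
    int jumped = 0, jumps = 0;

    if (msg == NULL || out == NULL || outsz == 0)
        return -1;

    for (;;) {
        if (pos >= msglen)                  /* length/pointer byte outside message */
            return -1;
        uint8_t len = msg[pos];

        if ((len & 0xC0) == 0xC0) {         /* 11xxxxxx: compression pointer */
            if (pos + 1 >= msglen)          /* second pointer byte missing */
                return -1;
            size_t target = ((size_t)(len & 0x3F) << 8) | msg[pos + 1];
            if (target >= pos)              /* must reference a prior occurrence; also kills loops */
                return -1;
            if (!jumped) {                  /* only the first pointer ends the name in-stream */
                after = pos + 2;
                jumped = 1;
            }
            if (++jumps > 16)               /* belt-and-braces bound on chain length */
                return -1;
            pos = target;
            continue;
        }
        if (len & 0xC0)                     /* 01/10 label types are reserved */
            return -1;
        if (len == 0) {                     /* root label terminates the name */
            if (!jumped)
                after = pos + 1;
            break;
        }
        if (pos + 1 + len > msglen)         /* label bytes run past the message */
            return -1;
        /* separator (if not first label) + label + NUL must fit in out */
        if (outlen + (outlen ? 1 : 0) + len + 1 > outsz)
            return -1;
        if (outlen)
            out[outlen++] = '.';
        memcpy(out + outlen, msg + pos + 1, len);
        outlen += len;
        if (outlen > 253)                   /* maximum presentation-format length */
            return -1;
        pos += 1 + len;
    }
    out[outlen] = '\0';
    if (end_off)
        *end_off = after;
    return (int)outlen;
}

/* Constructed sample (name section only, no DNS header), assumed for this example:
 * offset  0: "www.example.com" spelled out in full
 * offset 17: "ftp" followed by a pointer to offset 4 ("example.com")
 * offset 23: a pointer to itself (loop)
 * offset 25: a pointer to offset 255, outside the message
 * offset 27: a label claiming 5 bytes with only 2 present (truncated) */
static const uint8_t sample[] = {
    3,'w','w','w', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
    3,'f','t','p', 0xC0, 0x04,
    0xC0, 0x17,
    0xC0, 0xFF,
    5,'a','b'
};

/* Decode the sample at off and report whether the result matches.
 * expect == NULL means the decoder is expected to reject the input. */
int sample_decodes_to(size_t off, const char *expect, size_t expect_end)
{
    char buf[256];
    size_t end = 0;
    int n = dns_decode_name(sample, sizeof sample, off, buf, sizeof buf, &end);
    if (expect == NULL)
        return n == -1;
    return n == (int)strlen(expect) && strcmp(buf, expect) == 0 && end == expect_end;
}

int main(void)
{
    static const size_t offsets[] = { 0, 17, 23, 25, 27 };
    for (size_t i = 0; i < sizeof offsets / sizeof offsets[0]; i++) {
        char buf[256];
        size_t end = 0;
        int n = dns_decode_name(sample, sizeof sample, offsets[i], buf, sizeof buf, &end);
        if (n < 0)
            printf("offset %2zu: rejected\n", offsets[i]);
        else
            printf("offset %2zu: \"%s\" (next field at %zu)\n", offsets[i], buf, end);
    }
    return 0;
}
```

The three rejected offsets in the sample are the cases a decoder has to refuse rather than trust: a pointer that does not go strictly backwards (which covers self-loops and out-of-range targets in one check), and a label length that extends past the end of the received datagram. The output-buffer check before every `memcpy` is what keeps a long or deeply compressed name from becoming a heap write past the destination.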
Comment 4 Chema Alonso Josa (RETIRED) gentoo-dev 2012-03-23 10:39:02 UTC
inspircd-2.0.5-r1 now in the tree, includes suggested workaround.
Comment 5 Agostino Sarubbo gentoo-dev 2012-03-23 10:58:16 UTC
thanks.

Arches, please test and mark stable:
=net-irc/inspircd-2.0.5-r1
Target KEYWORDS : "amd64 x86"
Comment 6 Chema Alonso Josa (RETIRED) gentoo-dev 2012-03-23 14:10:03 UTC
The following configuration directory sample can help to test the package:

https://bugs.gentoo.org/show_bug.cgi?id=375661#c3

Thanks.
Comment 7 Agostino Sarubbo gentoo-dev 2012-03-24 11:56:08 UTC
amd64 stable
Comment 8 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-03-27 15:00:56 UTC
x86 stable
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2012-03-27 15:18:07 UTC
Thanks, everyone. Already in GLSA request.
Comment 10 El Goretto 2012-03-30 11:27:23 UTC
There is an issue in this ebuild, about the "ssl" use flag which used to be "openssl" use flag.

IUSE="gnutls ipv6 ldap mysql postgres sqlite ssl" <<--- was "openssl" in previous ebuilds, even 2.0.5 non-r1.

RDEPEND="
    dev-lang/perl
    ssl? ( dev-libs/openssl )  <<--- same here

Thus m_ssl_openssl.so isn't built anymore, eventually preventing inspircd from starting.
Comment 11 Chema Alonso Josa (RETIRED) gentoo-dev 2012-03-30 19:26:25 UTC
(In reply to comment #10)
> There is an issue in this ebuild, about the "ssl" use flag which used to be
> "openssl" use flag.

The flag name was changed, according to use.desc:

ssl - Adds support for Secure Socket Layer connections

> 
> Thus m_ssl_openssl.so isn't build anymore, preventing eventually inspircd
> from starting.

You are right, my bad here, the package has not been properly configured for the new flag name. Thanks for the catch!

@ago: I have a fix for this. I'd fix it in inspircd-2.0.5-r2, but would it be ok to include it in the current inspircd-2.0.5-r1, avoiding the revision bump? Thanks
Comment 12 michael 2012-03-31 01:39:19 UTC
gnutls also affected:

Unable to load m_ssl_gnutls.so: /usr/lib64/inspircd/modules/m_ssl_gnutls.so: undefined symbol: gcry_randomize
Comment 13 michael 2012-03-31 02:37:27 UTC
(In reply to comment #12)
> gnutls also affected:
> 
> Unable to load m_ssl_gnutls.so: /usr/lib64/inspircd/modules/m_ssl_gnutls.so:
> undefined symbol: gcry_randomize

correction: resolved as incompatible with gnutls-2.12.18
Comment 14 Chema Alonso Josa (RETIRED) gentoo-dev 2012-04-02 17:04:15 UTC
(In reply to comment #13)
> (In reply to comment #12)
> 
> correction: resolved as incompatible with gnutls-2.12.18

This commit [1] fixes the m_ssl_gnutls module link breakage with gnutls-2.12.18.

Unfortunately it was not included in inspircd-2.0.5 upstream version. I'll include this fix in the upcoming inspircd-2.0.5-r2 revision.

Thanks.

[1] https://github.com/inspircd/inspircd/commit/b6cfed350681b97e5ff4e417717fa973e466d3d4#src/modules/extra/m_ssl_gnutls.cpp
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2012-04-10 11:24:17 UTC
This issue was resolved and addressed in
 GLSA 201204-02 at http://security.gentoo.org/glsa/glsa-201204-02.xml
by GLSA coordinator Sean Amoss (ackle).