Summary: | <net-irc/bip-0.8.8-r1 Buffer overflow when number of open fds >= FD_SETSIZE (CVE-2012-0806) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | net-irc |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://projects.duckcorp.org/issues/269 | ||
Whiteboard: | B1 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Alex Legler (RETIRED)
2012-01-24 13:59:01 UTC
I'm assuming there's a release right around the corner.

No release yet, went for a revbump.

Arches, please test and mark stable:
=net-irc/bip-0.8.8-r1
Target keywords : "amd64 x86"

amd64 stable

x86 stable

B1 should be good. Filed new glsa request. Thanks everyone.

CVE-2012-0806 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0806): Buffer overflow in Bip 0.8.8 and earlier might allow remote authenticated users to execute arbitrary code via vectors involving a series of TCP connections that triggers use of many open file descriptors.

This issue was resolved and addressed in GLSA 201201-18 at http://security.gentoo.org/glsa/glsa-201201-18.xml by GLSA coordinator Alex Legler (a3li).
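The bug class named in the summary (descriptors numbered at or above FD_SETSIZE reaching an `fd_set`), shown with a bounds check, as an added example that is not bip's code or its actual patch. The helper names `fdset_add_checked` and `build_read_set` are hypothetical, and the descriptor values are constructed integers rather than real sockets.

```c
#include <stdio.h>
#include <sys/select.h>

/* Hypothetical helper (not from bip): add fd to an fd_set only if it fits.
 * fd_set is a fixed-size bitmap of FD_SETSIZE bits; FD_SET() on a descriptor
 * outside 0..FD_SETSIZE-1 writes past the end of that bitmap.
 * Returns 0 on success, -1 if the descriptor cannot be tracked. */
static int fdset_add_checked(fd_set *set, int fd, int *maxfd)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;              /* caller should close(fd) and drop the peer */
    FD_SET(fd, set);
    if (fd > *maxfd)
        *maxfd = fd;
    return 0;
}

/* Build a read set from a list of descriptors and return how many were
 * rejected. Constructed input: plain integers, no sockets are opened, so
 * this runs without raising RLIMIT_NOFILE. */
static int build_read_set(const int *fds, int n, fd_set *set, int *maxfd)
{
    int rejected = 0;

    FD_ZERO(set);
    *maxfd = -1;
    for (int i = 0; i < n; i++)
        if (fdset_add_checked(set, fds[i], maxfd) != 0)
            rejected++;
    return rejected;
}

int main(void)
{
    /* Constructed sample: two ordinary fds, the last valid slot,
     * two out-of-range values and one invalid descriptor. */
    const int fds[] = { 3, 4, FD_SETSIZE - 1, FD_SETSIZE, FD_SETSIZE + 40, -1 };
    fd_set rset;
    int maxfd;
    int rejected = build_read_set(fds, 6, &rset, &maxfd);

    printf("rejected=%d maxfd=%d\n", rejected, maxfd);
    return 0;
}
```

A server that must hold more than FD_SETSIZE descriptors at once would use poll() instead, which takes an array of descriptors and has no such bitmap limit.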