Gentoo Bug 199897 - net-irc/ircservices < 5.0.63 default_encrypt Remote DoS (CVE-2007-6122)

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	199897
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Lars Hartmann <lars@chaotika.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 199897 depends on:			Show dependency tree
Bug 199897 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2007-11-21 14:22 0000

A vulnerability has been reported in IRC Services, which can be exploited by
malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to the improper handling of overly long
passwords within the "default_encrypt()" function in encrypt.c and can be
exploited to crash an affected server.

The vulnerability is reported in versions prior to 5.0.63 and 5.1.9.

Solution:
Update to version 5.0.63 or 5.1.9.
http://www.ircservices.za.net/download.html

Provided and/or discovered by:
The vendor credits loverboy.

Reproducible: Always

------- Comment #1 From Lars Hartmann 2007-11-26 21:41:31 0000 -------

maintainers - please advice

------- Comment #2 From Dawid Węgliński 2007-11-27 15:43:54 0000 -------

*** Bug 200467 has been marked as a duplicate of this bug. ***

------- Comment #3 From Robert Buchholz 2007-11-28 02:08:01 0000 -------

Missed that one.

------- Comment #4 From Dawid Węgliński 2007-11-29 20:06:23 0000 -------

Ok, bumped to 5.0.63 till i have some more time to bump to 5.1.9

------- Comment #5 From Robert Buchholz 2007-11-29 21:22:19 0000 -------

Arches, please test and mark stable net-irc/ircservices-5.0.63.
Target keywords : "ppc x86"

------- Comment #6 From Christian Faulhammer 2007-11-30 13:03:34 0000 -------

x86 stable

------- Comment #7 From Tobias Scherbaum 2007-11-30 22:45:38 0000 -------

ppc stable

------- Comment #8 From Lars Hartmann 2007-12-01 13:50:11 0000 -------

this bug is ready for glsa decision

------- Comment #9 From Robert Buchholz 2007-12-02 12:42:41 0000 -------

Voting YES.

------- Comment #10 From Pierre-Yves Rofes 2007-12-10 21:48:29 0000 -------

yes too, request filed.

------- Comment #11 From Pierre-Yves Rofes 2007-12-13 22:08:44 0000 -------

GLSA 200712-12

------- Comment #12 From Peter Volkov 2008-03-06 09:50:56 0000 -------

Does not affect current (2008.0) release. Removing release.

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 199897

net-irc/ircservices < 5.0.63 default_encrypt Remote DoS (CVE-2007-6122)

Last modified: 2008-03-06 09:50:56 0000