Bug 400599 (CVE-2012-0806) - <net-irc/bip-0.8.8-r1 Buffer overflow when number of open fds >= FD_SETSIZE (CVE-2012-0806)
Status: RESOLVED FIXED
Alias: CVE-2012-0806
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://projects.duckcorp.org/issues/269
Whiteboard: B1 [glsa]
Reported: 2012-01-24 13:59 UTC by Alex Legler (RETIRED)
Modified: 2012-01-30 12:46 UTC
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2012-01-24 13:59:01 UTC
Julien Tinnes reported that bip does not check the number of open file descriptors against FD_SETSIZE, resulting in a buffer overflow that is supposed to be exploitable.

Fix: https://projects.duckcorp.org/projects/bip/repository/revisions/222a33cb84a2e52ad55a88900b7895bf9dd0262c
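
Added example, not part of the original report and not bip's code or the upstream fix: an `fd_set` is a fixed bitmap of FD_SETSIZE bits, so every descriptor has to be range-checked before `FD_SET()`. The helper names and the descriptor numbers below are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/select.h>

/* Hypothetical helper: FD_SET() on a descriptor >= FD_SETSIZE writes a bit
 * outside the fd_set bitmap, so only values in [0, FD_SETSIZE) are usable. */
static int fd_fits_select(int fd)
{
    return fd >= 0 && fd < FD_SETSIZE;
}

/* Build the read set for select() from a list of connection descriptors.
 * Descriptors that do not fit are skipped and counted, so the caller can
 * close those connections instead of corrupting memory next to the set.
 * Returns the highest descriptor placed in the set, or -1 if none. */
static int build_read_set(const int *fds, size_t n, fd_set *set,
                          size_t *rejected)
{
    int maxfd = -1;

    FD_ZERO(set);
    *rejected = 0;
    for (size_t i = 0; i < n; i++) {
        if (!fd_fits_select(fds[i])) {
            (*rejected)++;
            continue;
        }
        FD_SET(fds[i], set);
        if (fds[i] > maxfd)
            maxfd = fds[i];
    }
    return maxfd;
}

int main(void)
{
    /* Constructed descriptor numbers, as a proxy would see them once
     * enough connections are open to push new fds past FD_SETSIZE. */
    int fds[] = { 3, 7, FD_SETSIZE - 1, FD_SETSIZE, FD_SETSIZE + 40 };
    fd_set rset;
    size_t rejected;
    int maxfd = build_read_set(fds, sizeof fds / sizeof fds[0],
                               &rset, &rejected);

    printf("FD_SETSIZE=%d maxfd=%d rejected=%zu\n",
           FD_SETSIZE, maxfd, rejected);
    return 0;
}
```
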
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2012-01-24 14:04:40 UTC
I'm assuming there's a release right around the corner.
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2012-01-27 17:09:11 UTC
No release yet, went for a revbump.

Arches, please test and mark stable:
=net-irc/bip-0.8.8-r1
Target keywords : "amd64 x86"
Comment 3 Agostino Sarubbo gentoo-dev 2012-01-27 19:43:02 UTC
amd64 stable
Comment 4 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-01-29 12:24:09 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2012-01-29 12:55:33 UTC
B1 should be good.


Filed new glsa request. Thanks everyone.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2012-01-29 13:17:24 UTC
CVE-2012-0806 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0806):
  Buffer overflow in Bip 0.8.8 and earlier might allow remote authenticated
  users to execute arbitrary code via vectors involving a series of TCP
  connections that triggers use of many open file descriptors.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2012-01-30 12:46:14 UTC
This issue was resolved and addressed in
 GLSA 201201-18 at http://security.gentoo.org/glsa/glsa-201201-18.xml
by GLSA coordinator Alex Legler (a3li).