Bug 166013 - net-misc/dibbler < 0.6.1: Multiple Denial of Service Vulnerabilities (CVE-2007-50{28,29,30,31})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: x86 Linux
Importance: High trivial
Assignee: Gentoo Security
URL: http://klub.com.pl/dhcpv6/#NEWS
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:

Reported: 2007-02-08 22:49 UTC by Petr Pisar
Modified: 2007-09-26 13:04 UTC
CC List: 1 user

See Also:
Package list:
Runtime testing required: ---


Attachments
dibbler-0.6.0_rc1.ebuild (dibbler-0.6.0_rc1.ebuild.diff, 1.21 KB, patch)
2007-02-08 22:54 UTC, Petr Pisar
dibbler-0.6.1.ebuild (dibbler-0.6.1.ebuild.diff, 1.90 KB, patch)
2007-09-20 11:03 UTC, Petr Pisar

Description Petr Pisar 2007-02-08 22:49:02 UTC
0.6.0_rc1 has been released by the developers. Ebuild follows.

Reproducible: Always

Steps to Reproduce:
Comment 1 Petr Pisar 2007-02-08 22:54:18 UTC
Created attachment 109595
dibbler-0.6.0_rc1.ebuild

Diff between 0.4.1 and 0.6.0_rc1.

${FILESDIR}/${PN}-gcc-4.1.patch is not necessary anymore.
Comment 2 Tiziano Müller (RETIRED) gentoo-dev 2007-07-16 16:04:18 UTC
Final version 0.6.0 is available
Comment 3 Petr Pisar 2007-09-20 11:03:00 UTC
Created attachment 131358
dibbler-0.6.1.ebuild

Version 0.6.1 has been released. This is the corresponding ebuild.
Comment 4 Tobias Heinlein (RETIRED) gentoo-dev 2007-09-20 20:35:55 UTC
Mu Security research team has reported some vulnerabilities in
Dibbler, which can be exploited by malicious people to cause a DoS
(Denial of Service).

The vulnerabilities are caused due to input validation errors when
processing packets and can be exploited to crash the service via
specially crafted packets with e.g. options with large lengths,
invalid lengths, or malformed IA_NA options in a REBIND message.

The vulnerabilities are reported in version 0.6.0. Prior versions may
also be affected.

Solution:
Update to version 0.6.1.
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2007-09-21 20:22:53 UTC
The Secunia advisory quoted above is here:
http://secunia.com/advisories/26876/

CVE assigned the following names to these issues:
* CVE-2007-5028 
  Dibbler 0.6.0 on Linux uses weak world-writable permissions for
  unspecified files in /var/lib/dibbler, which has unknown impact and
  local attack vectors.

* CVE-2007-5029
  Dibbler 0.6.0 does not verify that certain length parameters are
  appropriate for buffer sizes, which allows remote attackers to
  trigger a buffer over-read and cause a denial of service (daemon
  crash), as demonstrated by incorrect behavior of the TSrvMsg
  constructor in SrvMessages/SrvMsg.cpp when (1) reading the option
  code and option length and (2) parsing options.

* CVE-2007-5030
  Multiple integer overflows in Dibbler 0.6.0 allow remote attackers
  to cause a denial of service (daemon crash) via packets containing
  options with large lengths, which trigger attempts at excessive
  memory allocation, as demonstrated by (1) the TSrvMsg constructor in
  SrvMessages/SrvMsg.cpp; the (2) TClntMsg, (3) TClntOptIAAddress, (4)
  TClntOptIAPrefix, (5) TOptVendorSpecInfo, and (6) TOptOptionRequest
  constructors; and the (7) TRelIfaceMgr::decodeRelayRepl, (8)
  TRelMsg::decodeOpts, and (9) TSrvIfaceMgr::decodeRelayForw methods.

* CVE-2007-5031
  The TSrvOptIA_NA::rebind method in SrvOptions/SrvOptIA_NA.cpp in
  Dibbler 0.6.0 allows remote attackers to cause a denial of service
  (NULL dereference and daemon crash) via an invalid IA_NA option in a
  REBIND message.

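An added illustration of the check the CVE-2007-5029 and CVE-2007-5030 entries above describe as missing: this is constructed example code, not Dibbler's own parser and not part of the advisory. It walks an RFC 3315 option area and validates every attacker-controlled option length against the bytes actually received before that length drives any indexing or allocation; the sample packets and the helper names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

#define OPT_HDR_LEN 4   /* RFC 3315 option header: 16-bit code, 16-bit length */

struct opt_stats {
    size_t count;    /* options accepted */
    size_t max_len;  /* largest option-len among accepted options */
};

/*
 * Walk a DHCPv6 option area. Returns 0 if every option fits inside the
 * bytes actually received, -1 otherwise. The comparison is arranged as
 * "optlen > remaining - OPT_HDR_LEN" (after ensuring remaining >= header)
 * so that no addition involving the untrusted length can wrap, and optlen
 * is never used for indexing or allocation until it has passed the check.
 */
int parse_dhcpv6_options(const uint8_t *buf, size_t len, struct opt_stats *st)
{
    size_t pos = 0;
    st->count = 0;
    st->max_len = 0;
    while (pos < len) {
        size_t remaining = len - pos;
        if (remaining < OPT_HDR_LEN)
            return -1;                      /* truncated option header */
        uint16_t optlen = (uint16_t)((buf[pos + 2] << 8) | buf[pos + 3]);
        if (optlen > remaining - OPT_HDR_LEN)
            return -1;                      /* claims bytes we never received */
        st->count++;
        if (optlen > st->max_len)
            st->max_len = optlen;
        pos += OPT_HDR_LEN + optlen;        /* cannot pass len after the check */
    }
    return 0;
}

/* Convenience wrapper (hypothetical): options accepted, or -1 if rejected. */
long accepted_option_count(const uint8_t *buf, size_t len)
{
    struct opt_stats st;
    return parse_dhcpv6_options(buf, len, &st) == 0 ? (long)st.count : -1;
}

/* Constructed sample: OPTION_ORO (6) requesting code 23, then OPTION_CLIENTID (1). */
const uint8_t good_opts[] = { 0x00, 0x06, 0x00, 0x02, 0x00, 0x17,
                              0x00, 0x01, 0x00, 0x03, 0xAA, 0xBB, 0xCC };
/* Constructed sample: header claims 65535 data bytes, but only two follow. */
const uint8_t bad_opts[] = { 0x00, 0x01, 0xFF, 0xFF, 0xAA, 0xBB };
/* Constructed sample: an option header cut off after three bytes. */
const uint8_t short_opts[] = { 0x00, 0x01, 0x00 };
```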
Comment 6 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-24 18:05:19 UTC
gmsoft, please bump as necessary.
Comment 7 Guy Martin (RETIRED) gentoo-dev 2007-09-26 12:58:39 UTC
I bumped to 0.6.1.
Sorry for the delay.
Comment 8 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-26 13:04:08 UTC
Thanks. Closing without GLSA.