Bug 169599 - net-im/silc-server 1.0.2 denial of service vulnerability
Summary: net-im/silc-server 1.0.2 denial of service vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://lists.silcnet.org/pipermail/si...
Whiteboard: B3 [glsa]
Reported: 2007-03-06 11:47 UTC by Frank Benkstein
Modified: 2007-03-14 13:00 UTC

Attachments
silc-join-hmac.patch (silc-join-hmac.patch,1.11 KB, patch)
2007-03-06 11:49 UTC, Frank Benkstein
silc-join-hmac-v2.patch (silc-join-hmac-v2.patch,2.81 KB, text/plain)
2007-03-06 12:43 UTC, Frank Benkstein

Description Frank Benkstein 2007-03-06 11:47:05 UTC
Hi,

there is a bug in the current version of silc-server that makes it possible
to crash a network's SILC router when a new channel is created. All it takes
is to specify an invalid hmac algorithm name and no cipher algorithm name.
This results in a null pointer dereference in 'SILC_SERVER_CMD_FUNC(join)' at
line 2444 in apps/silcd/command.c.

The attached patch fixes the problem.

Best regards,
Frank Benkstein
Comment 1 Frank Benkstein 2007-03-06 11:49:07 UTC
Created attachment 112279
silc-join-hmac.patch

silc_server_create_new_channel failing may mean a number of things. Before
the patch silcd just assumes that the cipher algorithm was not found (which
may not even be provided).
Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev 2007-03-06 12:04:06 UTC
thanks for the report

net-irc can you comment/confirm? tavis?
Comment 3 Frank Benkstein 2007-03-06 12:43:43 UTC
Created attachment 112281
silc-join-hmac-v2.patch

The error described before may happen at multiple places. The previous patch
only fixed the issue for standalone servers and not for routers.
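
An added illustration of the failure pattern described in comments 1 and 3: a caller that blames every channel-creation failure on the cipher, next to a version that reports the actual reason through one helper shared by all call sites. It is not silcd code or either attached patch; every name in it (create_channel, report_unsafe, report_safe, the algorithm tables) is hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout: an illustration, not silcd code. */
typedef enum { CH_OK, CH_ERR_CIPHER, CH_ERR_HMAC } ch_status;

static const char *const known_ciphers[] = { "aes-256-cbc", NULL };  /* constructed */
static const char *const known_hmacs[]   = { "hmac-sha1-96", NULL }; /* constructed */

static int is_known(const char *const *tbl, const char *name)
{
    for (; *tbl; tbl++)
        if (strcmp(*tbl, name) == 0)
            return 1;
    return 0;
}

/* A NULL name means "use the default"; only a supplied name can be unknown.
 * The status says which lookup failed, so callers never have to guess. */
ch_status create_channel(const char *cipher, const char *hmac)
{
    if (cipher && !is_known(known_ciphers, cipher))
        return CH_ERR_CIPHER;
    if (hmac && !is_known(known_hmacs, hmac))
        return CH_ERR_HMAC;
    return CH_OK;
}

/* Flawed pattern: every failure is blamed on the cipher, so the reply is
 * built from `cipher` even when the HMAC was at fault and cipher is NULL. */
int report_unsafe(ch_status st, const char *cipher, char *out, size_t n)
{
    if (st == CH_OK)
        return 0;
    return snprintf(out, n, "unknown cipher (%zu bytes)", strlen(cipher));
}

/* Hardened pattern: report the reason given, and never dereference a name
 * the client did not send. Every caller of create_channel shares it. */
int report_safe(ch_status st, const char *cipher, const char *hmac,
                char *out, size_t n)
{
    const char *name = st == CH_ERR_CIPHER ? cipher
                     : st == CH_ERR_HMAC   ? hmac : NULL;
    if (st == CH_OK)
        return 0;
    return snprintf(out, n, "unknown algorithm: %s", name ? name : "(none)");
}
```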
Comment 4 Raúl Porcel (RETIRED) gentoo-dev 2007-03-06 13:49:54 UTC
Yep, I was able to reproduce the bug. The patch fixes it.

silc-server-1.0.2-r1 committed to the tree :)
Comment 5 Matthias Geerdsen (RETIRED) gentoo-dev 2007-03-06 14:04:26 UTC
thanks Raúl

arches, please test silc-server-1.0.2-r1 and mark stable if possible
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2007-03-06 14:31:15 UTC
x86 stable.

Btw, thanks Frank for the patch (forgot to say before)
Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev 2007-03-06 20:04:11 UTC
ppc stable
Comment 8 Frank Benkstein 2007-03-07 08:50:44 UTC
FYI: silc-server 1.0.3 was just released, including this fix
Comment 9 Gustavo Zacarias (RETIRED) gentoo-dev 2007-03-07 14:18:36 UTC
sparc stable.
Comment 10 Matthias Geerdsen (RETIRED) gentoo-dev 2007-03-07 14:26:24 UTC
voting time

/me votes yes
Comment 11 Stefan Cornelius (RETIRED) gentoo-dev 2007-03-07 14:35:24 UTC
yes++
Comment 12 Matthias Geerdsen (RETIRED) gentoo-dev 2007-03-14 13:00:38 UTC
GLSA 200703-12

thanks everyone