Bug 194923 - net-irc/dircproxy Denial of service (CVE-2007-5226)
Summary: net-irc/dircproxy Denial of service (CVE-2007-5226)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2007-10-06 17:46 UTC by Tobias Heinlein (RETIRED)
Modified: 2007-10-26 07:28 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Attachments
dircproxy-1.2.0-blank-me-segfault.patch (639 bytes, patch)
2007-10-09 22:48 UTC, Robert Buchholz (RETIRED)

Description Tobias Heinlein (RETIRED) gentoo-dev 2007-10-06 17:46:04 UTC
CVE-2007-5226 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5226):
  irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to cause
  a denial of service (segmentation fault) via an ACTION command without a
  parameter, which triggers a NULL pointer dereference, as demonstrated using a
  blank /me message from irssi.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-10-09 22:43:41 UTC
A patch for 1.0.5 can be found here: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=nmu.patch;att=1;bug=445883

The 1.2.0 code is different, but the fix should do the same (check for NULL pointer).

net-irc, please advise.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2007-10-09 22:48:29 UTC
Created attachment 133035
dircproxy-1.2.0-blank-me-segfault.patch

Oh, yeah. And because you're all lazy, here's the patch. Courtesy of Fedora.
Comment 3 Raúl Porcel (RETIRED) gentoo-dev 2007-10-15 13:25:35 UTC
Fixed in:
dircproxy-1.0.5-r1
dircproxy-1.1.0-r2
dircproxy-1.2.0_beta2-r1

Stabilize 1.0.5-r1
Comment 4 Tobias Heinlein (RETIRED) gentoo-dev 2007-10-15 14:26:49 UTC
Thanks.
Arches, please stabilise net-irc/dircproxy-1.0.5-r1. Targets are: "alpha amd64 ppc x86".
Comment 5 Dawid Węgliński (RETIRED) gentoo-dev 2007-10-15 14:49:23 UTC
Please do
Comment 6 Tobias Heinlein (RETIRED) gentoo-dev 2007-10-15 19:41:10 UTC
(In reply to comment #5)
> Please do
> 

Blah, seems I forgot to click the "Add archs" button after selecting the archs in the pull-down menu once again. Thanks for adding them.
Comment 7 Dawid Węgliński (RETIRED) gentoo-dev 2007-10-15 20:42:04 UTC
Stable on x86
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2007-10-16 09:35:50 UTC
alpha stable
Comment 9 Tobias Scherbaum (RETIRED) gentoo-dev 2007-10-18 17:18:26 UTC
ppc stable
Comment 10 Steve Dibb (RETIRED) gentoo-dev 2007-10-21 15:00:52 UTC
amd64 stable
Comment 11 Robert Buchholz (RETIRED) gentoo-dev 2007-10-21 15:37:19 UTC
1, 2, 3, vote!
Comment 12 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-10-21 17:47:22 UTC
I vote NO.
Comment 13 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-10-22 20:13:09 UTC
Trivial to trigger, and annoying. I would vote Yes.
Comment 14 Robert Buchholz (RETIRED) gentoo-dev 2007-10-25 23:30:57 UTC
It is an annoying bug, but it can only be triggered by authenticated users to deny their own service, and those of others if it is configured for multiple users. I'd say no.
Comment 15 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-10-26 07:28:58 UTC
NO wins. Closing without GLSA. Feel free to reopen if you disagree.
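
The failure mode from the CVE description, as an added example that is not dircproxy's code and not the attached patch: a CTCP ACTION parser in which a blank /me leaves the parameter pointer NULL, and a handler that checks it before use. The struct, the function names and the "* nick text" output format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical parsed CTCP message; param is NULL when nothing follows cmd. */
struct ctcp_msg {
    const char *cmd;
    const char *param;
};

/* Split "\001CMD param\001" in place. Returns 0, or -1 if not CTCP-framed. */
static int ctcp_parse(char *text, struct ctcp_msg *m)
{
    char *end, *sp;

    if (text == NULL || text[0] != '\001')
        return -1;
    text++;
    end = strchr(text, '\001');          /* closing delimiter is optional */
    if (end != NULL)
        *end = '\0';
    sp = strchr(text, ' ');
    if (sp != NULL)
        *sp++ = '\0';
    m->cmd = text;
    /* "ACTION" and "ACTION " both yield a NULL parameter. */
    m->param = (sp != NULL && *sp != '\0') ? sp : NULL;
    return 0;
}

/* Format an ACTION for display. Returns bytes written, or -1 if rejected. */
int format_action(const char *nick, char *raw, char *out, size_t outlen)
{
    struct ctcp_msg m;
    int n;

    if (ctcp_parse(raw, &m) != 0 || strcmp(m.cmd, "ACTION") != 0)
        return -1;
    /* Without this check, m.param reaches a string function as NULL:
     * the NULL pointer dereference class described in the CVE text. */
    if (m.param == NULL)
        return -1;
    n = snprintf(out, outlen, "* %s %s", nick, m.param);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}
```

Dropping the message is one possible policy; treating a missing parameter as an empty string is another, as long as the pointer is never used unchecked.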