Bug 653834 (CVE-2018-1000178, CVE-2018-1000179) - <net-irc/quassel-0.12.5: multiple vulnerabilities
Summary: <net-irc/quassel-0.12.5: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2018-1000178, CVE-2018-1000179
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
Whiteboard: B1 [glsa+ cve]
 
Reported: 2018-04-22 22:15 UTC by Thomas Deutschmann (RETIRED)
Modified: 2018-06-14 02:23 UTC
Package list:
net-irc/quassel-0.12.5
Runtime testing required: ---
stable-bot: sanity-check+


Description Thomas Deutschmann (RETIRED) gentoo-dev 2018-04-22 22:15:38 UTC
Incoming details.
Comment 1 Johannes Huber (RETIRED) gentoo-dev 2018-04-24 19:48:27 UTC
Hook was not able to write the comment, so I do it for him.

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0a071f5a9927a03d91b853610dbbe3c7e767d73
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2018-04-24 19:48:59 UTC
Vuln 1:
Title: quasselcore, corruption of heap metadata caused by qdatastream
leading to preauth remote code execution.
Severity: high, by default the server port is publicly open and the address
can be requested using the /WHOIS command of IRC protocol.
Description: In the QDataStream protocol each object is prepended with 4 bytes
for the object size; this can be used to trigger allocation errors.


Vuln 2:
Title: quasselcore DDOS
Severity: low, impacts only a quasselcore that is not configured.
Description: A login attempt causes a NULL pointer dereference because
the database is not initialized.
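
The size-prefix problem described in comment 2, as an added example that is not part of this bug thread or of Quassel's code: a reader for `[4-byte size][payload]` objects that checks the declared size against a cap and against the bytes actually received before it allocates. The names `readObject` and `kMaxObjectSize`, the 64 KiB cap and the big-endian layout are assumptions of this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

// Assumed upper bound for one object in this example; not a value from Quassel.
constexpr std::uint32_t kMaxObjectSize = 64 * 1024;

enum class ReadStatus { Ok, Truncated, TooLarge, Incomplete };

struct ReadResult {
    ReadStatus status;
    std::vector<std::uint8_t> payload;
    std::size_t consumed;  // bytes used from the input, 0 on any error
};

// Reads one [4-byte big-endian size][payload] object from buf (layout assumed).
ReadResult readObject(const std::uint8_t* buf, std::size_t len) {
    if (len < 4) return {ReadStatus::Truncated, {}, 0};
    const std::uint32_t declared = (std::uint32_t(buf[0]) << 24) |
                                   (std::uint32_t(buf[1]) << 16) |
                                   (std::uint32_t(buf[2]) << 8) | std::uint32_t(buf[3]);
    // The size field is peer-controlled: bound it before any allocation.
    if (declared > kMaxObjectSize) return {ReadStatus::TooLarge, {}, 0};
    // Compare with the bytes actually present; len - 4 cannot underflow here.
    if (declared > len - 4) return {ReadStatus::Incomplete, {}, 0};
    std::vector<std::uint8_t> payload(buf + 4, buf + 4 + declared);
    return {ReadStatus::Ok, std::move(payload), 4 + std::size_t(declared)};
}

int main() {
    // Constructed sample inputs, not captured traffic.
    const std::uint8_t good[] = {0, 0, 0, 3, 'a', 'b', 'c'};
    const std::uint8_t huge[] = {0xFF, 0xFF, 0xFF, 0xFF, 'x'};
    const std::uint8_t shortBody[] = {0, 0, 0, 10, 'a', 'b'};
    std::printf("good=%d huge=%d short=%d\n",
                int(readObject(good, sizeof good).status),
                int(readObject(huge, sizeof huge).status),
                int(readObject(shortBody, sizeof shortBody).status));
    return 0;
}
```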
Comment 3 Johannes Huber (RETIRED) gentoo-dev 2018-04-24 19:54:23 UTC
Arches please stabilize =net-irc/quassel-0.12.5. Thanks in advance.
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2018-04-24 23:56:15 UTC
x86 stable
Comment 5 Larry the Git Cow gentoo-dev 2018-04-25 01:17:18 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c51c9698d0be17a51301c20bc0039583eab5925

commit 8c51c9698d0be17a51301c20bc0039583eab5925
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-25 00:52:44 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-25 00:54:11 +0000

    net-irc/quassel: amd64 stable wrt bug #653834
    
    Bug: https://bugs.gentoo.org/653834
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 net-irc/quassel/quassel-0.12.5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 6 Larry the Git Cow gentoo-dev 2018-04-25 05:09:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2fd2de0126ae33ffa81d6957c41493a490436469

commit 2fd2de0126ae33ffa81d6957c41493a490436469
Author:     Johannes Huber <johu@gentoo.org>
AuthorDate: 2018-04-25 05:08:44 +0000
Commit:     Johannes Huber <johu@gentoo.org>
CommitDate: 2018-04-25 05:08:44 +0000

    net-irc/quassel: Remove 0.12.4-r1
    
    Bug: https://bugs.gentoo.org/653834
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 net-irc/quassel/Manifest                 |   1 -
 net-irc/quassel/quassel-0.12.4-r1.ebuild | 182 -------------------------------
 2 files changed, 183 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7e59eb971d6c83343ba5c3173ae48bb11acc5aa3

commit 7e59eb971d6c83343ba5c3173ae48bb11acc5aa3
Author:     Johannes Huber <johu@gentoo.org>
AuthorDate: 2018-04-25 05:07:29 +0000
Commit:     Johannes Huber <johu@gentoo.org>
CommitDate: 2018-04-25 05:07:29 +0000

    net-irc/quassel: Remove 0.12.4 (r0)
    
    Bug: https://bugs.gentoo.org/603414
    Bug: https://bugs.gentoo.org/653834
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 net-irc/quassel/files/quasselcore.conf |  21 ----
 net-irc/quassel/files/quasselcore.init |  62 ------------
 net-irc/quassel/quassel-0.12.4.ebuild  | 173 ---------------------------------
 3 files changed, 256 deletions(-)
Comment 7 Johannes Huber (RETIRED) gentoo-dev 2018-04-25 05:10:05 UTC
Cleanup done.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2018-06-14 02:23:40 UTC
This issue was resolved and addressed in
 GLSA 201806-04 at https://security.gentoo.org/glsa/201806-04
by GLSA coordinator Aaron Bauman (b-man).