Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 169599

Summary: net-im/silc-server 1.0.2 denial of service vulnerability
Product: Gentoo Security Reporter: Frank Benkstein <benkstein>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: net-irc
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://lists.silcnet.org/pipermail/silc-devel/2007-March/001873.html
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---
Attachments:
Description Flags
silc-join-hmac.patch
none
silc-join-hmac-v2.patch none

Description Frank Benkstein 2007-03-06 11:47:05 UTC
Hi,

there is a bug in the current version of silc-server that makes it possible
to crash a networks SILC router, when a new channel is created. All it takes
is to specify an invalid hmac algorithm name and no cipher algorithm name.
This results in an null pointer dereference in 'SILC_SERVER_CMD_FUNC(join)' at
line 2444 in apps/silcd/command.c.

The attached patch fixes the problem.

Best regards,
Frank Benkstein
Comment 1 Frank Benkstein 2007-03-06 11:49:07 UTC
Created attachment 112279 [details, diff]
silc-join-hmac.patch

silc_server_create_new_channel failing may mean a number of things. Before
the patch silcd just assumes that the cipher algorithm was not found (which
may not even be provided).
Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev 2007-03-06 12:04:06 UTC
thanks for the report

net-irc can you comment/confirm? tavis?
Comment 3 Frank Benkstein 2007-03-06 12:43:43 UTC
Created attachment 112281 [details]
silc-join-hmac-v2.patch

The error described before may happen at multiple places. The previous patch
only fixed the issue for standalone servers and not for routers.
Comment 4 Raúl Porcel (RETIRED) gentoo-dev 2007-03-06 13:49:54 UTC
Yep, i was able to reproduce the bug. The patch fixes it.

silc-server-1.0.2-r1 commited to the tree :)
Comment 5 Matthias Geerdsen (RETIRED) gentoo-dev 2007-03-06 14:04:26 UTC
thanks Raúl

arches, please test silc-server-1.0.2-r1 and mark stable if possible
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2007-03-06 14:31:15 UTC
x86 stable.

Btw, thanks Frank for the patch(forgot to say before)
Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev 2007-03-06 20:04:11 UTC
ppc stable
Comment 8 Frank Benkstein 2007-03-07 08:50:44 UTC
FYI: silc-server 1.0.3 was just released, including this fix
Comment 9 Gustavo Zacarias (RETIRED) gentoo-dev 2007-03-07 14:18:36 UTC
sparc stable.
Comment 10 Matthias Geerdsen (RETIRED) gentoo-dev 2007-03-07 14:26:24 UTC
voting time

/me votes yes
Comment 11 Stefan Cornelius (RETIRED) gentoo-dev 2007-03-07 14:35:24 UTC
yes++
Comment 12 Matthias Geerdsen (RETIRED) gentoo-dev 2007-03-14 13:00:38 UTC
GLSA 200703-12

thanks everyone