Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 194923

Summary: net-irc/dircproxy Denial of service (CVE-2007-5226)
Product: Gentoo Security Reporter: Tobias Heinlein (RETIRED) <keytoaster>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: net-irc
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---
Attachments:
Description Flags
dircproxy-1.2.0-blank-me-segfault.patch none

Description Tobias Heinlein (RETIRED) gentoo-dev 2007-10-06 17:46:04 UTC 
CVE-2007-5226 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5226):
  irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to cause
  a denial of service (segmentation fault) via an ACTION command without a
  parameter, which triggers a NULL pointer dereference, as demonstrated using a
  blank /me message from irssi.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-10-09 22:43:41 UTC 
A patch for 1.0.5 can be found here: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=nmu.patch;att=1;bug=445883

The 1.2.0 code is different, but the fix should do the same (check for NULL pointer).

net-irc, please advise.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2007-10-09 22:48:29 UTC 
Created attachment 133035 [details, diff]
dircproxy-1.2.0-blank-me-segfault.patch

Oh, yeah. And because you're all lazy, here's the patch. Courtesy of Fedora.
Comment 3 Raúl Porcel (RETIRED) gentoo-dev 2007-10-15 13:25:35 UTC 
Fixed in:
dircproxy-1.0.5-r1
dircproxy-1.1.0-r2
dircproxy-1.2.0_beta2-r1

Stabilize 1.0.5-r1
Comment 4 Tobias Heinlein (RETIRED) gentoo-dev 2007-10-15 14:26:49 UTC 
Thanks.
Arches, please stabilise net-irc/dircproxy-1.0.5-r1. Targets are: "alpha amd64 ppc x86".
Comment 5 Dawid Węgliński (RETIRED) gentoo-dev 2007-10-15 14:49:23 UTC 
Please do
Comment 6 Tobias Heinlein (RETIRED) gentoo-dev 2007-10-15 19:41:10 UTC 
(In reply to comment #5)
> Please do
> 

Blah, seems I forgot to click the "Add archs" button after selecting the archs in the pull-down menu once again. Thanks for adding them.
Comment 7 Dawid Węgliński (RETIRED) gentoo-dev 2007-10-15 20:42:04 UTC 
Stable on x86
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2007-10-16 09:35:50 UTC 
alpha stable
Comment 9 Tobias Scherbaum (RETIRED) gentoo-dev 2007-10-18 17:18:26 UTC 
ppc stable
Comment 10 Steve Dibb (RETIRED) gentoo-dev 2007-10-21 15:00:52 UTC 
amd64 stable
Comment 11 Robert Buchholz (RETIRED) gentoo-dev 2007-10-21 15:37:19 UTC 
1, 2, 3, vote!
Comment 12 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-10-21 17:47:22 UTC 
I vote NO.
Comment 13 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-10-22 20:13:09 UTC 
Trivial to trigger, and annoying. I would vote Yes.
Comment 14 Robert Buchholz (RETIRED) gentoo-dev 2007-10-25 23:30:57 UTC 
It is an annoying bug, but it can only be triggered by authenticated users to deny their own service, and those of others if it is configured for multiple users. I'd  say no.
Comment 15 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-10-26 07:28:58 UTC 
NO wins. Closing without GLSA. Feel free to reopen if you disagree.