Bug 382313 (CVE-2011-3354)

Summary:	<net-irc/quassel-0.7.3 CTCP request Core DoS (CVE-2011-3354)
Product:	Gentoo Security	Reporter:	Alex Legler (RETIRED) <a3li>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	patrick, scarabeus, sputnick
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://git.quassel-irc.org/?p=quassel.git;a=commit;h=da215fcb9cd3096a3e223c87577d5d4ab8f8518b
Whiteboard:	B3 [noglsa]
Package list:		Runtime testing required:	---

Description Alex Legler (RETIRED) archtester

2011-09-08 20:10:23 UTC

CtcpParser::packedReply in src/core/ctcpparser.cpp in Quassel does not process certain CTCP requests correctly, allowing a remote attacker connected to the same IRC network as the victim to cause a Denial of Service condition by sending specially crafted CTCP requests. This was demonstrated in various exploits on freenode today.

Fixed in git commit in $URL, released as quassel-0.7.3.

Comment 1 Alex Legler (RETIRED) archtester

2011-09-08 20:10:54 UTC

Maintainers: Can we stabilize 0.7.3?

Comment 2 Tomáš Chvátal (RETIRED) gentoo-dev

2011-09-08 20:15:39 UTC

Amd64 and x86 stable, works on both chroots.

Anything else? :)

Comment 3 Agostino Sarubbo gentoo-dev

2011-09-09 10:02:53 UTC

Already stable by Tomas. Adding glsa vote request.

Comment 4 Tim Sammut (RETIRED) gentoo-dev

2011-09-09 15:05:51 UTC

Thanks, folks. GLSA Vote: no.

Comment 5 Alex Legler (RETIRED) archtester

2011-09-09 18:47:06 UTC

NO too. Closing noglsa.

Comment 6 GLSAMaker/CVETool Bot gentoo-dev

2011-10-08 00:58:40 UTC

CVE-2011-3354 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3354):
  The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before
  0.7.3 allows remote attackers to cause a denial of service (crash) via a
  crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the
  wild in September 2011.