Bug 400599 (CVE-2012-0806)

Summary:	<net-irc/bip-0.8.8-r1 Buffer overflow when number of open fds >= FD_SETSIZE (CVE-2012-0806)
Product:	Gentoo Security	Reporter:	Alex Legler (RETIRED) <a3li>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	major	CC:	net-irc
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://projects.duckcorp.org/issues/269
Whiteboard:	B1 [glsa]
Package list:		Runtime testing required:	---

Description Alex Legler (RETIRED) archtester

2012-01-24 13:59:01 UTC

Julien Tinnes reported that bip does not check the number of open file descriptors against FD_SETSIZE, resulting in a buffer overflow that is supposed to be exploitable.

Fix: https://projects.duckcorp.org/projects/bip/repository/revisions/222a33cb84a2e52ad55a88900b7895bf9dd0262c

Comment 1 Alex Legler (RETIRED) archtester

2012-01-24 14:04:40 UTC

I'm assuming there's a release right around the corner.

Comment 2 Alex Legler (RETIRED) archtester

2012-01-27 17:09:11 UTC

No release yet, went for a revbump.

Arches, please test and mark stable:
=net-irc/bip-0.8.8-r1
Target keywords : "amd64 x86"

Comment 3 Agostino Sarubbo gentoo-dev

2012-01-27 19:43:02 UTC

amd64 stable

Comment 4 Paweł Hajdan, Jr. (RETIRED) gentoo-dev

2012-01-29 12:24:09 UTC

x86 stable

Comment 5 Agostino Sarubbo gentoo-dev

2012-01-29 12:55:33 UTC

B1 should be good.


Filed new glsa request. Thanks everyone.

Comment 6 GLSAMaker/CVETool Bot gentoo-dev

2012-01-29 13:17:24 UTC

CVE-2012-0806 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0806):
  Buffer overflow in Bip 0.8.8 and earlier might allow remote authenticated
  users to execute arbitrary code via vectors involving a series of TCP
  connections that triggers use of many open file descriptors.

Comment 7 GLSAMaker/CVETool Bot gentoo-dev

2012-01-30 12:46:14 UTC

This issue was resolved and addressed in
 GLSA 201201-18 at http://security.gentoo.org/glsa/glsa-201201-18.xml
by GLSA coordinator Alex Legler (a3li).