| Summary: | <net-irc/inspircd-2.0.5-r1 : DNS Response Processing Buffer Overflow Vulnerability (CVE-2012-1836) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | brain, nimiux |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/48474/ | | |
| Whiteboard: | B1 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2012-03-21 11:46:27 UTC

I guess our configuration is vulnerable since it defines <performance:nouserdns> to "no". The inspircd website has been down for more than a week. I tried to contact them some months ago wrt the update of the current gentoo version shown in their webpage but I got no response. I'll bump the current version to apply the workaround proposed and some pending minor changes. Removing Dane Smith (c1pher) from CC, he was my proxy. Thanks for the heads up.

(In reply to comment #1)
> Removing Dane Smith (c1pher) from CC, he was my proxy.

Please also remove it from metadata.xml

CVE-2012-1836 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1836): Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow remote attackers to execute arbitrary code via a crafted DNS query that uses compression.

inspircd-2.0.5-r1 now in the tree, includes suggested workaround. thanks.

Arches, please test and mark stable:
=net-irc/inspircd-2.0.5-r1
Target KEYWORDS : "amd64 x86"

The following configuration directory sample can help to test the package: https://bugs.gentoo.org/show_bug.cgi?id=375661#c3 Thanks.

amd64 stable

x86 stable

Thanks, everyone. Already in GLSA request.

There is an issue in this ebuild, about the "ssl" use flag which used to be "openssl" use flag.

IUSE="gnutls ipv6 ldap mysql postgres sqlite ssl" <<--- was "openssl" in previous ebuilds, even 2.0.5 non-r1.
RDEPEND=" dev-lang/perl ssl? ( dev-libs/openssl ) <<--- same here

Thus m_ssl_openssl.so isn't built anymore, preventing eventually inspircd from starting.

(In reply to comment #10)
> There is an issue in this ebuild, about the "ssl" use flag which used to be
> "openssl" use flag.

The flag name was changed, according to use.desc: ssl - Adds support for Secure Socket Layer connections

>
> Thus m_ssl_openssl.so isn't built anymore, preventing eventually inspircd
> from starting.

You are right, my bad here, the package has not been properly configured for the new flag name. Thanks for the catch!
@ago: I have a fix for this. I'd fix it in inspircd-2.0.5-r2, but, would it be ok to include it in current inspircd-2.0.5-r1, avoiding the revision bump? Thanks

gnutls also affected:

Unable to load m_ssl_gnutls.so: /usr/lib64/inspircd/modules/m_ssl_gnutls.so: undefined symbol: gcry_randomize

(In reply to comment #12)
> gnutls also affected:
>
> Unable to load m_ssl_gnutls.so: /usr/lib64/inspircd/modules/m_ssl_gnutls.so:
> undefined symbol: gcry_randomize

correction: resolved as incompatible with gnutls-2.12.18

(In reply to comment #13)
> (In reply to comment #12)
>
> correction: resolved as incompatible with gnutls-2.12.18

This commit [1] fixes the m_ssl_gnutls module link breakage with gnutls-2.12.18. Unfortunately it was not included in inspircd-2.0.5 upstream version. I'll include this fix in the upcoming inspircd-2.0.5-r2 revision. Thanks.

[1] https://github.com/inspircd/inspircd/commit/b6cfed350681b97e5ff4e417717fa973e466d3d4#src/modules/extra/m_ssl_gnutls.cpp

This issue was resolved and addressed in GLSA 201204-02 at http://security.gentoo.org/glsa/glsa-201204-02.xml by GLSA coordinator Sean Amoss (ackle).