Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 714780

Summary: <net-irc/unrealircd-5.0.3.1: Possible flood issue
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: kensington
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://forums.unrealircd.org/viewtopic.php?f=1&t=8979
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-26 02:24:42 UTC 
This issue affects the 5.x series only [0]: 5.0, 5.1, 5.2, 5.3.
There was a partial fix in 5.3 which resulted in 5.3.1 needing to be released.

"How serious is the flood issue? Can it be abused?
It can be triggered on purpose but it can also be triggered accidentally. It will start a flood between servers which can consume high amounts of bandwidth. Other than high bandwidth and possibly high CPU usage there will be no signs of the flood to IRCOps. If you only have one UnrealIRCd 5.x server then the issue cannot be triggered.

Which UnrealIRCd versions are affected?
UnrealIRCd 5.0.0, 5.0.1 and 5.0.2. The UnrealIRCd 4.x series are not affected."

[0] https://forums.unrealircd.org/viewtopic.php?f=1&t=8978
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-26 02:25:59 UTC 
@maintainer(s), please drop 5.0.1, 5.0.3.

Note that 4.x series was unaffected.
Comment 2 Larry the Git Cow gentoo-dev 2020-03-28 03:04:27 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d053cef9f20bf1c116d706c03f4172b7b41c0b34

commit d053cef9f20bf1c116d706c03f4172b7b41c0b34
Author:     Michael Palimaka <kensington@gentoo.org>
AuthorDate: 2020-03-28 03:03:55 +0000
Commit:     Michael Palimaka <kensington@gentoo.org>
CommitDate: 2020-03-28 03:03:55 +0000

    net-irc/unrealircd: remove 5.0.1 and 5.0.3
    
    Bug: https://bugs.gentoo.org/714780
    Package-Manager: Portage-2.3.89, Repoman-2.3.21
    Signed-off-by: Michael Palimaka <kensington@gentoo.org>

 net-irc/unrealircd/Manifest                |   2 -
 net-irc/unrealircd/unrealircd-5.0.1.ebuild | 168 -----------------------------
 net-irc/unrealircd/unrealircd-5.0.3.ebuild | 168 -----------------------------
 3 files changed, 338 deletions(-)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-28 03:48:53 UTC 
@maintainer(s): thanks, tree is clean! Closing.