Bug 199897 (CVE-2007-6122) - net-irc/ircservices < 5.0.63 default_encrypt Remote DoS (CVE-2007-6122)
Summary: net-irc/ircservices < 5.0.63 default_encrypt Remote DoS (CVE-2007-6122)
Status: RESOLVED FIXED
Alias: CVE-2007-6122
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://secunia.com/advisories/27761/
Whiteboard: B3 [glsa]
Duplicates: 200467
Reported: 2007-11-21 14:22 UTC by Lars Hartmann
Modified: 2008-03-06 09:50 UTC (History)

Description Lars Hartmann 2007-11-21 14:22:08 UTC
A vulnerability has been reported in IRC Services, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to the improper handling of overly long passwords within the "default_encrypt()" function in encrypt.c and can be exploited to crash an affected server.

The vulnerability is reported in versions prior to 5.0.63 and 5.1.9.

Solution:
Update to version 5.0.63 or 5.1.9.
http://www.ircservices.za.net/download.html

Provided and/or discovered by:
The vendor credits loverboy.

Reproducible: Always
Comment 1 Lars Hartmann 2007-11-26 21:41:31 UTC
maintainers - please advise
Comment 2 Dawid Węgliński (RETIRED) gentoo-dev 2007-11-27 15:43:54 UTC
*** Bug 200467 has been marked as a duplicate of this bug. ***
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2007-11-28 02:08:01 UTC
Missed that one.
Comment 4 Dawid Węgliński (RETIRED) gentoo-dev 2007-11-29 20:06:23 UTC
Ok, bumped to 5.0.63 till I have some more time to bump to 5.1.9
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2007-11-29 21:22:19 UTC
Arches, please test and mark stable net-irc/ircservices-5.0.63.
Target keywords : "ppc x86"
Comment 6 Christian Faulhammer (RETIRED) gentoo-dev 2007-11-30 13:03:34 UTC
x86 stable
Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev 2007-11-30 22:45:38 UTC
ppc stable
Comment 8 Lars Hartmann 2007-12-01 13:50:11 UTC
this bug is ready for glsa decision
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2007-12-02 12:42:41 UTC
Voting YES.
Comment 10 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-12-10 21:48:29 UTC
yes too, request filed.
Comment 11 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-12-13 22:08:44 UTC
GLSA 200712-12
Comment 12 Peter Volkov (RETIRED) gentoo-dev 2008-03-06 09:50:56 UTC
Does not affect current (2008.0) release. Removing release.