A vulnerability has been discovered in Bip, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a NULL pointer dereference error within the function "bip_on_event()" in src/irc.c, which can be exploited to cause a crash by sending specially crafted data to Bip's listening socket (e.g. 7778/TCP).
The vulnerability is confirmed in version 0.8.5. Other versions may also be affected.
This has been assigned CVE-2010-3071.
Created attachment 246608
I'll apply the attached patch to our ebuild. It's not approved by upstream, but nohar isn't responding at the moment and this DoS might get very annoying as there is no authentication needed to exploit it.
Arches, please test and mark stable:
Target keywords: "amd64 x86"
Builds and runs fine on x86. Please mark stable for x86.
x86 stable, thanks Myckel
There's a 0.8.6 version which fixes the bug.
The patch was backported and released as net-irc/bip-0.8.5-r1.
GLSA vote: yes.
GLSA Vote: Yes, remote DoS in a multi-user service.
GLSA request filed.
This issue was resolved and addressed in
GLSA 201201-18 at http://security.gentoo.org/glsa/glsa-201201-18.xml
by GLSA coordinator Alex Legler (a3li).