From ${URL} : Elemental-IRCd Security Release: 2015-10-07 =========================================== CVE-2015-5290 Elemental-IRCd reference code: e50b0d59-f3c5-4472-a3cd-e2e07731417c Permanent link: http://elemental-ircd.com/security/e50b0d59-f3c5-4472-a3cd-e2e07731417c Distribution of this document is unlimited and encouraged as long as it remains unchanged. ## Summary Elemental-IRCd is an Internet Relay Chat (IRC / RFC 1459) daemon intended for stable, secure deployments for both private and public-facing users. It provides quick messaging across servers, even when deployed on a global scale. One of the recent goals of the project has been to limit memory leaks and test functionality to ensure quality for all users. While looking for resource leaks and other things to test inside Elemental-IRCd git master, we stumbled on an unfortunate programming error in how the MONITOR command was handled that can lead to a system out-of-memory event if an attacker hammers at the MONITOR command over and over. ## Affected Daemons In our testing, the following IRC daemons were affected: ircd-ratbox 3.0.8, SVN trunk and older charybdis 3.5-dev and older ircd-seven 1.1.3 and older Elemental-IRCd 6.6.2 and older Other derivatives of these daemons will be affected as well unless for some reason they came across and fixed that issue before this release. ## Vulnerability Information Public release date: 2015-10-07 CVE: CVE-2015-5290 CVSS v3: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:W/RC:C/CR:H/IR:L/AR:H/MAV:N/MAC:L/MPR:N/MUI:N/MC:L/MI:N/MA:H CVSS score: 8.8 / 8.6 / 9.5 Attack complexity: Trivial (less than 30 lines of code) ## Notes If applying these patches is somehow impossible, the attack can be completely mitigated by unloading the m_monitor.so module using the following command provided you have permission to load and unload modules: /MODUNLOAD m_monitor.so The required privilege to do this is defined as the admin flag inside the flags section of the relevant operator{} block in the configuration (OLD:O:Line). This patch can be applied at runtime and will automatically garbage-collect any memory that has been leaked in the past. A full set of technical details will be released as soon as it is confirmed that major IRC networks affected by this have been patched. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
3.5.0 is available upstream: https://github.com/charybdis-ircd/charybdis/releases Additionally, a patch is available for 3.4.2: http://elemental-ircd.com/security/e50b0d59-f3c5-4472-a3cd-e2e07731417c/
ping for ebuild.
Created attachment 439776 [details] quickly thrown together. src_prepare sed pieces removed. So double check conf file setup.
no rdeps.
# Michał Górny <mgorny@gentoo.org> (05 Jun 2017) # (on behalf of Treecleaner project) # Unmaintained in Gentoo. Security vulnerability. # Removal in 30 days. Bug #562896. net-irc/charybdis
commit b6e6234008767ec82ed0fb1642b3f933d94e5f8f Author: Michał Górny <mgorny@gentoo.org> AuthorDate: Wed Jul 5 12:32:14 2017 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: Wed Jul 5 12:35:23 2017 net-irc/charybdis: Remove last-rited pkg, #562896
Nothing more for us to do here, unCC-ing to avoid cluttering search results.
GLSA Vote: No