Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 755851 - <net-irc/inspircd-3.6.0: Use-after-free in pgsql module (CVE-2020-25269)
Summary: <net-irc/inspircd-3.6.0: Use-after-free in pgsql module (CVE-2020-25269)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://docs.inspircd.org/security/20...
Whiteboard: C3 [noglsa]
Keywords: PullRequest
Depends on: 755854
Blocks: CVE-2019-20917, CVE-2019-20918, CVE-2020-25269
  Show dependency tree
 
Reported: 2020-11-20 17:07 UTC by Sam James
Modified: 2021-01-25 23:51 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-11-20 17:07:32 UTC
"Summary

The pgsql module before v2.0.29 and v3.6.0 contains a use after free vulnerability. When combined with the sqlauth or sqloper modules this vulnerability can be used to remotely crash an InspIRCd server by any user able to connect to a server.
Affected Versions

This vulnerability is present in the following releases:

    All versions of v2 before v2.0.29
    All versions of v3 before v3.6.0

Recommended Action

This vulnerability is fixed in versions 2.0.29 and 3.6.0. It is strongly recommended that all affected users upgrade.

If upgrading is not possible then the pgsql module should be unloaded."
Comment 1 NATTkA bot gentoo-dev 2020-11-22 03:56:50 UTC
Unable to check for sanity:

> no match for package: net-irc/inspircd-3.8.0
Comment 2 Larry the Git Cow gentoo-dev 2020-12-31 01:13:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83567ff2355ef80076990e51cc58fcef2cdf1138

commit 83567ff2355ef80076990e51cc58fcef2cdf1138
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-12-30 21:25:02 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-12-31 01:13:41 +0000

    net-irc/inspircd: security cleanup (drop <3.8.1)
    
    Bug: https://bugs.gentoo.org/743205
    Bug: https://bugs.gentoo.org/755851
    Bug: https://bugs.gentoo.org/755854
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/18885
    Signed-off-by: Sam James <sam@gentoo.org>

 net-irc/inspircd/Manifest                          |   2 -
 .../files/inspircd-2.0.27-fix-path-builds.patch    | 257 -------------------
 .../files/inspircd-3.4.0-fix-path-builds.patch     | 271 ---------------------
 net-irc/inspircd/inspircd-2.0.29.ebuild            | 115 ---------
 net-irc/inspircd/inspircd-3.4.0-r1.ebuild          | 121 ---------
 5 files changed, 766 deletions(-)