Bug 338879 (CVE-2010-3443) - <net-irc/quassel-{0.6.3,0.7.1}: Denial of Service Vulnerability (CVE-2010-3443)
Status: RESOLVED FIXED
Alias: CVE-2010-3443
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://git.quassel-irc.org/?p=quassel...
Whiteboard: B3 [glsa]
Reported: 2010-09-27 06:30 UTC by Tim Sammut (RETIRED)
Modified: 2013-11-07 01:53 UTC
Description Tim Sammut (RETIRED) gentoo-dev 2010-09-27 06:30:15 UTC
From $url:

 If we receive multiple CTCP requests in one PRIVMSG we now answer with
 one packed NOTICE containing all CTCP replies. This fixes a possible
 DoS Attack rendering Quassels IRC connection useless. Upgrading is
 strongly recommended. Thanks to Jima for reporting and supporting.

Fixed software is already in the tree, and vulnerable code has already been removed. This bug is for GLSA tracking only.
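
The behaviour change quoted above, as an added example (not Quassel's code, which this page does not show): with one NOTICE per CTCP request the number of outbound lines grows with the number of requests in a single PRIVMSG, while the packed form always sends one. The function names, the nick `alice` and the reply strings are assumptions, and the sketch uses standard C++ rather than Qt.

```cpp
#include <iostream>
#include <string>
#include <vector>

// CTCP requests travel inside the PRIVMSG text, each wrapped in \x01 bytes.
static const char CTCP_DELIM = '\x01';
// Return the text between each pair of \x01 delimiters in a message body.
std::vector<std::string> extractCtcpRequests(const std::string& body) {
    std::vector<std::string> requests;
    for (std::size_t pos = 0;;) {
        const std::size_t start = body.find(CTCP_DELIM, pos);
        if (start == std::string::npos) break;
        const std::size_t end = body.find(CTCP_DELIM, start + 1);
        if (end == std::string::npos) break;  // unterminated request: ignore
        if (end > start + 1) requests.push_back(body.substr(start + 1, end - start - 1));
        pos = end + 1;
    }
    return requests;
}

// Hypothetical reply table; the reply strings are constructed for this example.
std::string ctcpReply(const std::string& request) {
    const std::string cmd = request.substr(0, request.find(' '));
    if (cmd == "VERSION") return "VERSION ExampleClient 1.0";
    if (cmd == "PING") return request;  // echo the request back unchanged
    return "";                          // unknown command: no reply
}

// NOTICE lines for one PRIVMSG: one per request if !packed (pre-fix), one in total if packed.
std::vector<std::string> buildNotices(const std::string& nick, const std::string& body,
                                      bool packed) {
    std::vector<std::string> lines;
    std::string all;
    for (const std::string& req : extractCtcpRequests(body)) {
        const std::string reply = ctcpReply(req);
        if (reply.empty()) continue;
        const std::string wrapped = CTCP_DELIM + reply + CTCP_DELIM;
        if (packed) all += wrapped;
        else lines.push_back("NOTICE " + nick + " :" + wrapped);
    }
    if (packed && !all.empty()) lines.push_back("NOTICE " + nick + " :" + all);
    return lines;
}

int main() {  // constructed sample: three CTCP requests in one PRIVMSG body
    const std::string body = "\x01" "VERSION" "\x01" "\x01" "PING 1" "\x01" "\x01" "PING 2" "\x01";
    std::cout << buildNotices("alice", body, false).size() << " vs "
              << buildNotices("alice", body, true).size() << " outbound lines\n";
}
```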
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2010-09-30 20:58:17 UTC
GLSA Vote: Yes, unassisted remote DoS.
Comment 2 Tobias Heinlein (RETIRED) gentoo-dev 2010-10-27 11:07:30 UTC
YES too, request filed.
Comment 3 Keshav Kini 2012-10-23 23:52:22 UTC
Ping.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-11-07 01:53:41 UTC
This issue was resolved and addressed in
 GLSA 201311-03 at http://security.gentoo.org/glsa/glsa-201311-03.xml
by GLSA coordinator Sean Amoss (ackle).