570244 – (CVE-2015-8702) net-irc/inspircd: DoS caused by PTR lookup of connecting users (CVE-2015-8702)

Bug 570244 (CVE-2015-8702) - net-irc/inspircd: DoS caused by PTR lookup of connecting users (CVE-2015-8702)

Summary: net-irc/inspircd: DoS caused by PTR lookup of connecting users (CVE-2015-8702)

Status:	RESOLVED FIXED

Alias:	CVE-2015-8702

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	http://www.openwall.com/lists/oss-sec...
Whiteboard:	B3 [glsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2015-12-30 13:43 UTC by Agostino Sarubbo
Modified:	2015-12-30 21:28 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2015-12-30 13:43:47 UTC

From ${URL} :

Inspircd <2.0.19 has a DoS caused by PTR lookup of connecting users.

From their changelog: "...including a fix for a bug which allowed
malformed DNS records to cause netsplits on a network. Triggering this
issue is non-trivial and it may not occur in all circumstances, but all
users are advised to upgrade."

http://www.inspircd.org/2015/04/16/v2019-released.html

Relevant commit:
https://github.com/inspircd/inspircd/commit/6058483d9fbc1b904d5ae7cfea47bfcde5c5b559



@security: please file the request for the GLSA.

Comment 1 Yury German Gentoo Infrastructure

2015-12-30 21:13:16 UTC

Added to an existing GLSA Request.

Comment 2 GLSAMaker/CVETool Bot gentoo-dev

2015-12-30 21:28:50 UTC

This issue was resolved and addressed in
 GLSA 201512-13 at https://security.gentoo.org/glsa/201512-13
by GLSA coordinator Yury German (BlueKnight).