Bug 593294 (CVE-2016-7144) - <net-irc/unrealircd-{,4.0.6}: certificate spoofing through crafted SASL message
Alias: CVE-2016-7144
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Reported: 2016-09-09 13:46 UTC by Agostino Sarubbo
Modified: 2016-11-21 03:11 UTC
Description Agostino Sarubbo gentoo-dev 2016-09-09 13:46:14 UTC
From ${URL} :

>> Security: SASL security issue (UnrealIRCd 4.0.6 & released)
>> A security issue was detected in a number of IRCd's, including
>> UnrealIRCd, regarding the way SASL is implemented.
>> An attacker can send an SSL fingerprint of his choice to services when
>> doing SASL authentication. An attacker can compromise a services
>> account if the user has an SSL fingerprint stored in services.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Nathan Phillip Brink (binki) (RETIRED) gentoo-dev 2016-09-11 14:07:38 UTC
unrealircd- needs to be stabilized and unrealircd- dropped. Please go ahead.

4.x has never been stable yet so I bumped it without keeping the old version.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2016-09-12 23:26:11 UTC
@ Arches,

please test and mark stable: =net-irc/unrealircd-
Targeted stable KEYWORDS: amd64 x86 ppc
Comment 3 Agostino Sarubbo gentoo-dev 2016-09-13 12:03:13 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2016-09-29 09:07:29 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2016-09-29 13:09:09 UTC
ppc stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2016-11-11 12:54:01 UTC
@maintainer(s), please drop so we can close.

GLSA Vote: No
Comment 7 Aaron Bauman (RETIRED) gentoo-dev 2016-11-21 03:11:46 UTC
Maintainer currently without commit access.  Tree is clean.