oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: CVE Request - ZNC

From: Josh Bressers <bressers () redhat com>
Date: Tue, 10 Aug 2010 17:34:10 -0400 (EDT)
Please use CVE-2010-2812 for the PING issue
Please use CVE-2010-2934 for the substr() issues.

Thanks.

-- 
    JB


----- "Kurt Seifried" <kurt () seifried org> wrote:


Sorry forgot to mention it's version 0.092 (currently the latest) is
affected.

On Mon, Aug 9, 2010 at 5:36 PM, Kurt Seifried <kurt () seifried org>
wrote:

Vincent Danen      2010-08-09 17:44:43 EDT

An out-of-range flaw was found in znc where if it received a "PING"

from a

client without an argument, std::string would throw a

std::out_of_range

exception which killed znc.  This is fixed in subversion [1].

Some unsafe substr() calls were fixed as well.  These are of lesser

impact

because a valid login is required in order to cause a

std::out_of_range

exception.  This is also fixed in subversion [2].

[1]

http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093

[2]

http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2095


http://en.znc.in/wiki/ZNC
https://bugzilla.redhat.com/show_bug.cgi?id=622601
https://bugzilla.redhat.com/show_bug.cgi?id=622600





-- 
Kurt Seifried
kurt () seifried org
tel: 1-703-879-3176
Previous By Date Next
Previous By Thread Next

Current thread: