oss-sec mailing list archives

Re: ircd-hybrid: Denial of service vulnerability in hostmask.c:try_parse_v4_netmask()


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 29 Jan 2013 14:08:21 -0700

On 01/29/2013 08:37 AM, Henri Salo wrote:
> Mr. Bob Nomnomnom from Torland reported a denial of service
> security vulnerability in ircd-hybrid. Function
> hostmask.c:try_parse_v4_netmask() is using strtoul to parse masks.
> Documentation says strtoul can parse "-number" as well. Validation
> of input does not catch evil bits. I can give proof of concept if
> needed.
>
> Fixed in commit:
> http://svn.ircd-hybrid.org:8000/viewcvs.cgi/ircd-hybrid/trunk/src/hostmask.c?r1=1786&r2=1785&pathrev=1786
>
> Fixed in: ircd-hybrid 8.0.6
>
> I have requested a CVE identifier for this vulnerability in another
> email to Kurt. Other ircds are using the same code. Consider this
> email as an official advisory. I tried to embargo this issue, but the
> commit is out already.

Ah yeah, sorry, dealing with Ruby the last little while. I was going to
reply to you to post this publicly on oss-sec =)

Please use CVE-2013-0238 for this issue.

> Program received signal SIGSEGV, Segmentation fault.
> 0x000000000041c799 in try_parse_v4_netmask (text=<value optimized out>, addr=0x113e270, b=0x113e2f8) at hostmask.c:229
> 229     addb[bits / 8] &= ~((1 << (8 - bits % 8)) - 1);
>
> -- Henri Salo



-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

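The bug class described in the report above, as an added example that is not ircd-hybrid's code and not part of the original messages: a simplified prefix-length parser with only an upper-bound check, beside a hardened one and a bounded masking step. All function names and sample inputs are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Upper-bound-only pattern (constructed, simplified). strtoul() accepts a
 * leading '-' and negates in unsigned arithmetic, so the int can end up
 * negative and still pass a "> 32" test. */
int prefix_upper_bound_only(const char *s, int *bits)
{
    *bits = (int)strtoul(s, NULL, 10);
    return *bits > 32 ? -1 : 0;
}

/* Hardened form: first char must be a digit, whole string consumed,
 * no overflow, value within 0..32. */
int parse_prefix_len(const char *s, int *bits)
{
    char *end;
    unsigned long v;

    if (!isdigit((unsigned char)s[0]))   /* rejects "", '-', '+', spaces */
        return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > 32)
        return -1;
    *bits = (int)v;
    return 0;
}

/* Clear host bits of an IPv4 address; requires 0 <= bits <= 32. */
void apply_prefix(unsigned char addb[4], int bits)
{
    int i = bits / 8;
    if (bits % 8)
        addb[i++] &= (unsigned char)~((1 << (8 - bits % 8)) - 1);
    for (; i < 4; i++)
        addb[i] = 0;
}

int main(void)
{
    const char *samples[] = { "24", "32", "-5", "33", "24x" };  /* constructed */
    for (size_t n = 0; n < sizeof samples / sizeof *samples; n++) {
        int a = 0, b = 0;
        int ra = prefix_upper_bound_only(samples[n], &a);
        int rb = parse_prefix_len(samples[n], &b);
        printf("%-4s unchecked: rc=%d bits=%d | hardened: rc=%d\n", samples[n], ra, a, rb);
    }
    return 0;
}
```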

