oss-sec mailing list archives
Re: ircd-hybrid: Denial of service vulnerability in hostmask.c:try_parse_v4_netmask()
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 29 Jan 2013 14:08:21 -0700
On 01/29/2013 08:37 AM, Henri Salo wrote:
Mr. Bob Nomnomnom from Torland reported a denial of service security vulnerability in ircd-hybrid. Function hostmask.c:try_parse_v4_netmask() is using strtoul to parse masks. Documentation says strtoul can parse "-number" as well. Validation of input does not catch evil bits. I can give proof of concept if needed.

Fixed in commit: http://svn.ircd-hybrid.org:8000/viewcvs.cgi/ircd-hybrid/trunk/src/hostmask.c?r1=1786&r2=1785&pathrev=1786
Fixed in: ircd-hybrid 8.0.6
I have requested a CVE identifier for this vulnerability in another email to Kurt. Other ircds are using the same code. Consider this email as an official advisory. I tried to embargo this issue, but the commit is out already.
Ah yeah, sorry, dealing with Ruby the last little while. I was going to reply to you to post this publicly on oss-sec =) Please use CVE-2013-0238 for this issue.
Program received signal SIGSEGV, Segmentation fault.
0x000000000041c799 in try_parse_v4_netmask (text=<value optimized out>, addr=0x113e270, b=0x113e2f8) at hostmask.c:229
229         addb[bits / 8] &= ~((1 << (8 - bits % 8)) - 1);

-- Henri Salo
--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
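Added example, not part of the original thread and not ircd-hybrid's code or the referenced commit: a C sketch of why a strtoul-based prefix-length parser can accept "-number" and feed a negative value into an index like bits / 8, next to a strict parser that only accepts 0..32. The function names naive_prefix and strict_prefix and the sample inputs are hypothetical, and the naive version assumes the result is stored in an int.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of the risky pattern (not ircd-hybrid source):
 * strtoul() accepts a leading '-' and negates the value as unsigned long;
 * once stored in an int, an upper-bound-only check lets it through. */
static int naive_prefix(const char *s, int *bits)
{
    char *end;
    int v = (int)strtoul(s, &end, 10);   /* "-800" typically becomes -800 */
    if (*end != '\0' || v > 32)
        return -1;
    *bits = v;
    return 0;
}

/* Strict parser: digits only, no sign or whitespace, value in 0..32. */
static int strict_prefix(const char *s, int *bits)
{
    char *end;
    unsigned long v;

    if (!isdigit((unsigned char)s[0]))   /* rejects "", "-1", "+1", " 1" */
        return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0' || v > 32)
        return -1;
    *bits = (int)v;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "24", "32", "33", "-800", "+8", " 8", "8x", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int nb = 0, sb = 0;
        int nr = naive_prefix(samples[i], &nb);
        int sr = strict_prefix(samples[i], &sb);
        printf("%-6s naive=%s (bits %d, index %d) strict=%s\n", samples[i],
               nr ? "reject" : "accept", nb, nb / 8, sr ? "reject" : "accept");
    }
    return 0;
}
```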