oss-sec mailing list archives
Re: CVE request: irssi 0.8.15
From: Wouter Coekaerts <coekie () irssi org>
Date: Tue, 13 Apr 2010 22:47:08 +0200
Hi,
> I believe assignment of CVE-2010-1154 is redundant here, given that CVE-2010-1155 is about the completely missing server name check. If it wasn't checking names, it wasn't handling \0 in names incorrectly.
Indeed. It never checked the hostname at all, so there was no mishandling of \0.
> The crash bits mentioned in the changelog are very ambiguous. The git tree isn't any more clear than that. There appear to be two crashes, both sound like NULL pointer dereferences that cannot be triggered by an attacker. If I'm wrong, please speak up.

It is about this entry in the changelog/NEWS:

- Fix crash when checking for fuzzy nick match when not on the channel. Reported by Aurelien Delaitre (SATE 2009).

The fix is revision 5126 ( http://svn.irssi.org/cgi-bin/viewvc.cgi/irssi/trunk/src/core/nicklist.c?root=irssi&r1=4922&r2=5126 )

It is only exploitable (resulting in a crash) at the exact moment the victim is leaving a channel. With some good timing it can be triggered by an attacker.

Regards,
Wouter aka coekie
Irssi developer
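The bug class Wouter describes (a nick lookup that assumes the client is still on the channel, running at the moment the channel record has already been torn down) can be modelled in a few lines. The following is an added example, not irssi's code and not the contents of revision 5126: the struct layout, the function names, the "fuzzy" rule (case-insensitive, ignoring trailing `_` and `^`) and the session/part simulation are all assumptions chosen only to show the NULL dereference beside the guarded version.

```c
/* Added example: minimal model of a "fuzzy nick match when not on the channel"
 * NULL dereference and its fix. Not irssi's code; names and the fuzzy rule are
 * assumptions for illustration. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define MAX_NICKS 8

typedef struct {
    const char *name;
    const char *nicks[MAX_NICKS];
    int nick_count;
} channel_rec;

/* Length of a nick with trailing "_" / "^" decorations stripped
 * (assumed fuzzy rule: "coekie_" is treated as "coekie"). */
static size_t base_len(const char *s) {
    size_t n = strlen(s);
    while (n > 0 && (s[n - 1] == '_' || s[n - 1] == '^'))
        n--;
    return n;
}

/* Case-insensitive comparison of the undecorated nicks. */
static int fuzzy_nick_equal(const char *a, const char *b) {
    size_t la = base_len(a), lb = base_len(b);
    if (la != lb)
        return 0;
    for (size_t i = 0; i < la; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Vulnerable shape: assumes the caller is still on the channel. Once the
 * channel record has been freed/cleared (channel == NULL) the first field
 * access dereferences NULL and the client crashes. */
const char *nicklist_find_fuzzy_unchecked(const channel_rec *channel, const char *nick) {
    for (int i = 0; i < channel->nick_count; i++)  /* NULL deref if channel == NULL */
        if (fuzzy_nick_equal(channel->nicks[i], nick))
            return channel->nicks[i];
    return NULL;
}

/* Fixed shape: "not on the channel" simply means "no match". */
const char *nicklist_find_fuzzy(const channel_rec *channel, const char *nick) {
    if (channel == NULL || nick == NULL)
        return NULL;
    for (int i = 0; i < channel->nick_count; i++)
        if (fuzzy_nick_equal(channel->nicks[i], nick))
            return channel->nicks[i];
    return NULL;
}

/* Constructed session: the channel pointer goes away when we part, which is
 * the window an attacker has to time a message that triggers the lookup. */
typedef struct { channel_rec *channel; } session;

static void part_channel(session *s) { s->channel = NULL; }

int main(void) {
    channel_rec chan = { "#irssi", { "coekie", "cras", "Tester_" }, 3 };
    session s = { &chan };

    const char *hit = nicklist_find_fuzzy(s.channel, "COEKIE_");
    printf("on channel: %s\n", hit ? hit : "(no match)");

    part_channel(&s);  /* victim leaves; a message naming a nick arrives now */
    hit = nicklist_find_fuzzy(s.channel, "coekie");
    printf("after part: %s\n", hit ? hit : "(not on channel, no match)");

    /* nicklist_find_fuzzy_unchecked(s.channel, "coekie") would segfault here. */
    return 0;
}
```

The check costs nothing on the hot path; the point is that whatever hands the channel pointer to the matcher (a message handler, a completion routine) may run after the part has already cleared the record, so the matcher, not only its callers, has to tolerate a NULL channel.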
Current thread:
- CVE request: irssi 0.8.15 Tobias Heinlein (Apr 11)
- <Possible follow-ups>
- Re: CVE request: irssi 0.8.15 Josh Bressers (Apr 12)
- Re: CVE request: irssi 0.8.15 Steven M. Christey (Apr 12)
- Re: CVE request: irssi 0.8.15 Josh Bressers (Apr 13)
- Re: CVE request: irssi 0.8.15 Tomas Hoger (Apr 13)
- Re: CVE request: irssi 0.8.15 Steven M. Christey (Apr 12)
- Re: CVE request: irssi 0.8.15 Wouter Coekaerts (Apr 13)
- Re: Re: CVE request: irssi 0.8.15 Jamie Strandboge (Apr 17)
- Re: Re: CVE request: irssi 0.8.15 Wouter Coekaerts (Apr 26)
- Re: Re: CVE request: irssi 0.8.15 Steve Langasek (Apr 27)