oss-sec mailing list archives

Re: CVE Request -- Bip -- Remote Dos (crash) by exchanging user credentials


From: Josh Bressers <bressers () redhat com>
Date: Tue, 7 Sep 2010 14:44:36 -0400 (EDT)

Please use CVE-2010-3071

Thanks.

-- 
    JB


----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:

Hello Steve, vendors,

   A denial of service flaw was found in the way Bip IRC Bouncer
exchanged user credentials by initiating the IRC protocol session.
A remote, unauthenticated user could send a specially crafted
connection request, leading to a bip daemon crash (NULL pointer
dereference).

References:
   [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595409
   [2] https://bugzilla.redhat.com/show_bug.cgi?id=630437

Could you allocate a CVE id for this one?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

