oss-sec mailing list archives
ircd-hybrid: Denial of service vulnerability in hostmask.c:try_parse_v4_netmask()
From: Henri Salo <henri () nerv fi>
Date: Tue, 29 Jan 2013 17:37:19 +0200
Mr. Bob Nomnomnom from Torland reported a denial of service security vulnerability in ircd-hybrid. Function hostmask.c:try_parse_v4_netmask() is using strtoul to parse masks. Documentation says strtoul can parse "-number" as well. Validation of input does not catch evil bits. I can give proof of concept if needed.

Fixed in commit: http://svn.ircd-hybrid.org:8000/viewcvs.cgi/ircd-hybrid/trunk/src/hostmask.c?r1=1786&r2=1785&pathrev=1786
Fixed in: ircd-hybrid 8.0.6

I have requested CVE identifier for this vulnerability in another email to Kurt. Other ircds are using the same code. Consider this email as official advisory. I tried to embargo this issue, but the commit is out already.

Program received signal SIGSEGV, Segmentation fault.
0x000000000041c799 in try_parse_v4_netmask (text=<value optimized out>, addr=0x113e270, b=0x113e2f8) at hostmask.c:229
229 addb[bits / 8] &= ~((1 << (8 - bits % 8)) - 1);

--
Henri Salo
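An added example, not part of the original post and not ircd-hybrid's code: it shows the strtoul() behaviour the advisory refers to and one way to validate an IPv4 prefix length before it is used in an expression like the one on the crash line. The function names and sample inputs are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

/* Unchecked conversion: strtoul() accepts a leading '-' and returns the
 * negated value as unsigned long, so "-1" yields ULONG_MAX with no error. */
unsigned long unchecked_bits(const char *s)
{
    return strtoul(s, NULL, 10);
}

/* Hypothetical hardened parser for the "/bits" part of an IPv4 mask.
 * Returns 0..32 on success, -1 on any malformed or out-of-range input. */
int parse_v4_prefix(const char *s)
{
    char *end;
    unsigned long v;

    /* Require a digit first: rejects sign characters and the leading
     * whitespace that strtoul() would otherwise skip. */
    if (s == NULL || !isdigit((unsigned char)s[0]))
        return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > 32)
        return -1;
    return (int)v;
}

/* Clear the host bits of a 4-byte address. The range check is repeated
 * here so the index bits / 8 can never leave the array. */
int apply_v4_prefix(uint8_t addr[4], int bits)
{
    if (bits < 0 || bits > 32)
        return -1;
    if (bits < 32) {
        int i = bits / 8;
        /* Partial byte: keep only the top (bits % 8) bits. */
        addr[i] &= (uint8_t)~((1u << (8 - bits % 8)) - 1u);
        for (i++; i < 4; i++)
            addr[i] = 0;
    }
    return 0;
}
```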