oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Inspircd <2.0.19 DoS

From: cve-assign () mitre org
Date: Tue, 29 Dec 2015 11:31:04 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Inspircd <2.0.19 has a DoS caused by PTR lookup of connecting users.



From their changelog: "...including a fix for a bug which allowed
malformed DNS records to cause netsplits on a network. Triggering this
issue is non-trivial and it may not occur in all circumstances, but all
users are advised to upgrade."



http://www.inspircd.org/2015/04/16/v2019-released.html
https://github.com/inspircd/inspircd/commit/6058483d9fbc1b904d5ae7cfea47bfcde5c5b559



src/dns.cpp



if (resultstr.find_first_not_of("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-") != 
std::string::npos)



"Invalid char(s) in reply"


Use CVE-2015-8702.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWgrTBAAoJEL54rhJi8gl5aIEP/2g9jqgkUoPvyEMPgZIITKYx
tWXKCweTow3+G5fIkMMYiPZhwBqc5eGG6JS0fGOjFWb5+WLvtnTZh8I2xZrYJ4QF
uOgbvky3WJ73WjmoPkEfv6VGIAjyRx3eVDvdZkng4vmnDciIM0DF/9JQxTMUuI/5
MdegRN6O9frCcFBcBThK8F+cTSeOwG6dHRc9IQfYvIVYm8ZummOZz0dSS5b8Zd4y
+/cUeVmlkZrAEBf3t9REzK1JjiYbmlMXSsuyHdYcYIAE57VJG335EAVTA91BgkBG
GI5DZBJC8yvsR5rCnYy9USWJdvzWmhL9/Ij77ODzC4kwpI8tiU0VXW0FXA1KOdI1
UWcWeSlhTKidJTpcPA/dcDyZ1g8CYZsjNdvl04Ma+SGYncMI/oUNFx1Mqixr1o1Z
+npuV0JtTk1dyc+YXXVLptR8wpyiBe+t7Y+Vpw2Ul1YG/itz4tQXPa+/APmcxezy
aAQGEfEBMUYIQ9vuJ0N+VJSqQ70w74QS6m1Da9QENjPO6OpAWDeNApMsybv/aWGT
xgMr+np6EMAImvwCHJ5YMwUIj3d0G8ZKVjgPBOokauX8ueM5h6byeyUalptcYxtl
fvpNjfIGxBtDxRullUEDYfXYpenhKnP8/aPcvp+MjBBz0Ml2LJI1+Yi8nxs1qlO/
JWH+/E/bYvFwwqR8JnH0
=GVyG
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: