oss-sec mailing list archives
Re: Inspircd <2.0.19 DoS
From: cve-assign () mitre org
Date: Tue, 29 Dec 2015 11:31:04 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Inspircd <2.0.19 has a DoS caused by PTR lookup of connecting users.
From their changelog: "...including a fix for a bug which allowed malformed DNS records to cause netsplits on a network. Triggering this issue is non-trivial and it may not occur in all circumstances, but all users are advised to upgrade."
http://www.inspircd.org/2015/04/16/v2019-released.html https://github.com/inspircd/inspircd/commit/6058483d9fbc1b904d5ae7cfea47bfcde5c5b559
src/dns.cpp
if (resultstr.find_first_not_of("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-") != std::string::npos)
"Invalid char(s) in reply"
Use CVE-2015-8702. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWgrTBAAoJEL54rhJi8gl5aIEP/2g9jqgkUoPvyEMPgZIITKYx tWXKCweTow3+G5fIkMMYiPZhwBqc5eGG6JS0fGOjFWb5+WLvtnTZh8I2xZrYJ4QF uOgbvky3WJ73WjmoPkEfv6VGIAjyRx3eVDvdZkng4vmnDciIM0DF/9JQxTMUuI/5 MdegRN6O9frCcFBcBThK8F+cTSeOwG6dHRc9IQfYvIVYm8ZummOZz0dSS5b8Zd4y +/cUeVmlkZrAEBf3t9REzK1JjiYbmlMXSsuyHdYcYIAE57VJG335EAVTA91BgkBG GI5DZBJC8yvsR5rCnYy9USWJdvzWmhL9/Ij77ODzC4kwpI8tiU0VXW0FXA1KOdI1 UWcWeSlhTKidJTpcPA/dcDyZ1g8CYZsjNdvl04Ma+SGYncMI/oUNFx1Mqixr1o1Z +npuV0JtTk1dyc+YXXVLptR8wpyiBe+t7Y+Vpw2Ul1YG/itz4tQXPa+/APmcxezy aAQGEfEBMUYIQ9vuJ0N+VJSqQ70w74QS6m1Da9QENjPO6OpAWDeNApMsybv/aWGT xgMr+np6EMAImvwCHJ5YMwUIj3d0G8ZKVjgPBOokauX8ueM5h6byeyUalptcYxtl fvpNjfIGxBtDxRullUEDYfXYpenhKnP8/aPcvp+MjBBz0Ml2LJI1+Yi8nxs1qlO/ JWH+/E/bYvFwwqR8JnH0 =GVyG -----END PGP SIGNATURE-----
Current thread:
- Inspircd <2.0.19 DoS Mark Felder (Dec 29)
- Re: Inspircd <2.0.19 DoS cve-assign (Dec 29)