Bug 559382 (CVE-2009-4016, CVE-2010-0300)

Summary: CVE-2009-4016 CVE-2010-0300 ircd-{hybrid,ratbox}: multiple vulnerabilities
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: urgent
Priority: urgent
Version: unspecified
CC: eric.tanguy, jlieskov, mmahut, rmonk
Keywords: Security
Hardware: All
OS: Linux
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4016
Whiteboard: impact=critical,source=vendor-sec,reported=20100126,public=20100127,cvss2=6.4/AV:N/AC:L/Au:N/C:N/I:P/A:P
Doc Type: Bug Fix
Last Closed: 2011-06-17 19:20:44 UTC
Bug Depends On: 559383, 559384
Attachments:
  patch from Debian to correct CVE-2009-4016 (flags: none)
  patch from Debian to correct CVE-2010-0300 (flags: none)

Description Vincent Danen 2010-01-27 23:28:29 UTC
Two vulnerabilities were reported in ircd-hybrid, ircd-ratbox, and oftc-hybrid. The first is an integer overflow that can lead to a denial of service or, possibly, the execution of arbitrary code on the ircd server (CVE-2009-4016, patch [1]); the second is a NULL pointer dereference that can lead to a denial of service of the ircd server (CVE-2010-0300, patch [2]).

This has been corrected in upstream ircd-ratbox 2.2.9 [3]. CVE-2010-0300 may be ircd-ratbox specific; however, CVE-2009-4016 affects both ircd servers.

[1] http://ircd.ratbox.org/cgi-bin/index.cgi/ircd-ratbox/branches/RATBOX_3_0/src/cache.c?r1=26334&r2=26732
[2] http://trac.oftc.net/projects/oftc-hybrid/changeset/1062
[3] http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html

This issue would affect Fedora 11, 12, and rawhide, as well as EPEL 4 and 5.

Comment 1 Vincent Danen 2010-01-27 23:30:50 UTC
Created attachment 387193
patch from Debian to correct CVE-2009-4016

Comment 2 Vincent Danen 2010-01-27 23:31:27 UTC
Created attachment 387195
patch from Debian to correct CVE-2010-0300

Comment 5 Vincent Danen 2010-01-27 23:43:55 UTC
Upstream opted to remove the vulnerable clean_string() function in ircd-hybrid:

http://svn.ircd-hybrid.org:8000/viewcvs.cgi?rev=1044&view=rev

Comment 6 Jan Lieskovsky 2010-02-04 16:37:04 UTC
Eric, Marek,

  any update with scheduling Fedora-* ircd-{hybrid,ratbox} updates?

Thanks, Jan.

Comment 7 Eric Tanguy 2010-02-04 16:51:14 UTC
Sorry, but I have orphaned ircd-hybrid.
Eric

Comment 8 Rakesh Pandit 2010-05-29 04:44:16 UTC
I am looking into it.

Comment 9 Fedora Update System 2010-05-29 06:16:24 UTC
ircd-hybrid-7.2.3-11.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/ircd-hybrid-7.2.3-11.fc12

Comment 10 Fedora Update System 2010-06-08 19:30:35 UTC
ircd-ratbox-2.2.8-7.fc12, ircd-hybrid-7.2.3-11.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.