Bug 622600 (CVE-2010-2812, CVE-2010-2934)

Summary: CVE-2010-2812 CVE-2010-2934 znc: multiple out-of-range errors can crash znc
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: nb, silfreed
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-08-12 23:47:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 622601    
Bug Blocks:    

Description Vincent Danen 2010-08-09 21:44:43 UTC
An out-of-range flaw was found in znc where if it received a "PING" from a client without an argument, std::string would throw a std::out_of_range exception which killed znc.  This is fixed in subversion [1].

Some unsafe substr() calls were fixed as well.  These are of lesser impact because a valid login is required in order to cause a std::out_of_range exception.  This is also fixed in subversion [2].

[1] http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093
[2] http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2095

Comment 1 Vincent Danen 2010-08-09 21:46:04 UTC
Created znc tracking bugs for this issue

Affects: fedora-all [bug 622601]

Comment 2 Vincent Danen 2010-08-10 21:43:58 UTC
CVE-2010-2812 was assigned to the first issue (PING DoS), CVE-2010-2934 was assigned to the second issue (unsafe substr() calls).

Comment 3 Fedora Update System 2010-08-12 04:12:24 UTC
znc-0.093-2.svn2101.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 4 Fedora Update System 2010-08-12 04:12:46 UTC
znc-0.093-2.svn2101.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.