Bug 559382 - (CVE-2009-4016, CVE-2010-0300) CVE-2009-4016 CVE-2010-0300 ircd-{hybrid,ratbox}: multiple vulnerabilities
Product: Security Response
Classification: Other
Component: vulnerability
Hardware/OS: All Linux
Priority: urgent, Severity: urgent
Assigned To: Red Hat Product Security
Keywords: Security
Depends On: 559383 559384
Reported: 2010-01-27 18:28 EST by Vincent Danen
Modified: 2015-07-31 02:24 EDT
Doc Type: Bug Fix
Last Closed: 2011-06-17 15:20:44 EDT

Attachments
patch from Debian to correct CVE-2009-4016 (255 bytes, patch)
2010-01-27 18:30 EST, Vincent Danen
patch from Debian to correct CVE-2010-0300 (1.56 KB, patch)
2010-01-27 18:31 EST, Vincent Danen

Description Vincent Danen 2010-01-27 18:28:29 EST
Two vulnerabilities were reported in ircd-hybrid, ircd-ratbox, and oftc-hybrid. The first is an integer overflow that can lead to a denial of service or, possibly, the execution of arbitrary code on the ircd server (CVE-2009-4016, patch [1]); the second is a NULL pointer dereference that can lead to a denial of service of the ircd server (CVE-2010-0300, patch [2]).

This has been corrected in upstream ircd-ratbox 2.2.9 [3]. CVE-2010-0300 may be ircd-ratbox specific; however, CVE-2009-4016 affects both ircd servers.

[1] http://ircd.ratbox.org/cgi-bin/index.cgi/ircd-ratbox/branches/RATBOX_3_0/src/cache.c?r1=26334&r2=26732
[2] http://trac.oftc.net/projects/oftc-hybrid/changeset/1062
[3] http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html

This issue would affect Fedora 11, 12, and rawhide, as well as EPEL 4 and 5.
Comment 1 Vincent Danen 2010-01-27 18:30:50 EST
Created attachment 387193
patch from Debian to correct CVE-2009-4016
Comment 2 Vincent Danen 2010-01-27 18:31:27 EST
Created attachment 387195
patch from Debian to correct CVE-2010-0300
Comment 5 Vincent Danen 2010-01-27 18:43:55 EST
Upstream opted to remove the vulnerable clean_string() function in ircd-hybrid:

Comment 6 Jan Lieskovsky 2010-02-04 11:37:04 EST
Eric, Marek,

  any update with scheduling Fedora-* ircd-{hybrid,ratbox} updates?

Thanks, Jan.
Comment 7 Eric Tanguy 2010-02-04 11:51:14 EST
Sorry, but I have orphaned ircd-hybrid.
Comment 8 Rakesh Pandit 2010-05-29 00:44:16 EDT
I am looking into it.
Comment 9 Fedora Update System 2010-05-29 02:16:24 EDT
ircd-hybrid-7.2.3-11.fc12 has been submitted as an update for Fedora 12.
Comment 10 Fedora Update System 2010-06-08 15:30:35 EDT
ircd-ratbox-2.2.8-7.fc12, ircd-hybrid-7.2.3-11.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
