Bug 559382 - (CVE-2009-4016, CVE-2010-0300) CVE-2009-4016 CVE-2010-0300 ircd-{hybrid,ratbox}: multiple vulnerabilities
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
urgent Severity urgent
Assigned To: Red Hat Product Security
http://web.nvd.nist.gov/view/vuln/det...
impact=critical,source=vendor-sec,rep...
: Security
Depends On: 559383 559384
Reported: 2010-01-27 18:28 EST by Vincent Danen
Modified: 2015-07-31 02:24 EDT
Doc Type: Bug Fix
Last Closed: 2011-06-17 15:20:44 EDT
Attachments
patch from Debian to correct CVE-2009-4016 (255 bytes, patch)
2010-01-27 18:30 EST, Vincent Danen
patch from Debian to correct CVE-2010-0300 (1.56 KB, patch)
2010-01-27 18:31 EST, Vincent Danen
Description Vincent Danen 2010-01-27 18:28:29 EST
Two vulnerabilities were reported in ircd-hybrid, ircd-ratbox, and oftc-hybrid. The first is an integer overflow that can lead to a denial of service or, possibly, the execution of arbitrary code on the ircd server (CVE-2009-4016 (patch [1])); the second is a NULL pointer dereference that can lead to a denial of service of the ircd server (CVE-2010-0300 (patch [2])).

This has been corrected in upstream ircd-ratbox 2.2.9 [3]. CVE-2010-0300 may be ircd-ratbox specific; however, CVE-2009-4016 affects both ircd servers.

[1] http://ircd.ratbox.org/cgi-bin/index.cgi/ircd-ratbox/branches/RATBOX_3_0/src/cache.c?r1=26334&r2=26732
[2] http://trac.oftc.net/projects/oftc-hybrid/changeset/1062
[3] http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html

This issue would affect Fedora 11, 12, and rawhide, as well as EPEL 4 and 5.
Comment 1 Vincent Danen 2010-01-27 18:30:50 EST
Created attachment 387193
patch from Debian to correct CVE-2009-4016
Comment 2 Vincent Danen 2010-01-27 18:31:27 EST
Created attachment 387195
patch from Debian to correct CVE-2010-0300
Comment 5 Vincent Danen 2010-01-27 18:43:55 EST
Upstream opted to remove the vulnerable clean_string() function in ircd-hybrid:

http://svn.ircd-hybrid.org:8000/viewcvs.cgi?rev=1044&view=rev
Comment 6 Jan Lieskovsky 2010-02-04 11:37:04 EST
Eric, Marek,

  any update with scheduling Fedora-* ircd-{hybrid,ratbox} updates?

Thanks, Jan.
Comment 7 Eric Tanguy 2010-02-04 11:51:14 EST
Sorry, but I have orphaned ircd-hybrid.
Eric
Comment 8 Rakesh Pandit 2010-05-29 00:44:16 EDT
I am looking into it.
Comment 9 Fedora Update System 2010-05-29 02:16:24 EDT
ircd-hybrid-7.2.3-11.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/ircd-hybrid-7.2.3-11.fc12
Comment 10 Fedora Update System 2010-06-08 15:30:35 EDT
ircd-ratbox-2.2.8-7.fc12, ircd-hybrid-7.2.3-11.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
