Date: Mon, 14 Jun 2010 15:44:01 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: CVE request: UnrealIRCd 126.96.36.199 source code contained a backdoor allowing for remote command execution Please use CVE-2010-2075 for this. Thanks. -- JB ----- "Alex Legler" <a3li@...too.org> wrote: > Hi. > > Quoting http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt: > > "We found out that the Unreal188.8.131.52.tar.gz file on our mirrors has > been > replaced quite a while ago with a version with a backdoor (trojan) in > it. This backdoor allows a person to execute ANY command with the > privileges of the user running the ircd. The backdoor can be executed > regardless of any user restrictions (so even if you have passworded > server or hub that doesn't allow any users in)." > > Basically, a system() call was injected into the source code, > disguised > as a debug/log macro. > > Filed in Gentoo as https://bugs.gentoo.org/show_bug.cgi?id=323691 > I have a diff of the 'bad' version against the 'good' version. If > needed, please contact me. > > Please assign a CVE. > > Thanks, > Alex > > -- > Alex Legler | Gentoo Security / Ruby > a3li@...too.org | a3li@...ber.ccc.de
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ