Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 9 Sep 2011 14:04:02 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: Quassel < 0.7.3 CTCP request core
 DoS

Please use CVE-2011-3354.

Thanks.

-- 
    JB

----- Original Message -----
> Hi,
> 
> please assign a CVE for the following issue:
> CtcpParser::packedReply in src/core/ctcpparser.cpp in Quassel does not
> process
> certain CTCP requests correctly, allowing a remote attacker connected
> to the
> same IRC network as the victim to cause a Denial of Service condition
> by
> sending specially crafted CTCP requests. This was demonstrated in
> various
> exploits on freenode today.
> 
> Gentoo tracks the issue in [1], upstream fix is [2].
> 
> Thanks,
> Alex
> 
> [1] https://bugs.gentoo.org/show_bug.cgi?id=382313
> [2] http://git.quassel-
> irc.org/?p=quassel.git;a=commit;h=da215fcb9cd3096a3e223c87577d5d4ab8f8518b
> 
> --
> Alex Legler <a3li@...too.org>
> Gentoo Security / Ruby

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.