Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 27 Jan 2015 22:37:46 -0700
From: Kurt Seifried <>
To: "" <>,
        Assign a CVE Identifier <>
Subject: kgb-bot can be crashed by some network traffic

Source: kgb-bot
Version: 1.33-2
Severity: important
Tags: security

2015.01.19 18:08:39: Listening on
2015.01.19 18:08:43: Connected to freenode (
2015.01.19 18:08:43: Joining #commits...
2015.01.19 18:08:43: Connected to oftc (
2015.01.19 18:08:43: Joining #ikiwiki #vcs-home #git-annex...
Did not get DONE/CLOSE event for Wheel ID 73 from IP at
/usr/share/perl5/POE/Component/Server/ line 221.
I had a problem posting to event Got_Request of session SOAPServer for
DIR handler '.*'. As reported by Kernel: 'No such file or directory',
perhaps the session name is spelled incorrectly for this handler? at
/usr/share/perl5/POE/ line 483.

This has happened to me twice now, and it takes the bot down.

not sure how exploitable this is though.

Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ