Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 7 Feb 2015 22:55:55 -0500 (EST)
From: cve-assign@...re.org
To: Kurt Seifried <kseifried@...hat.com>
cc: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>,
        Assign a CVE Identifier <cve-assign@...re.org>
Subject: Re: kgb-bot can be crashed by some network traffic


> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776424
>
> Source: kgb-bot
> Version: 1.33-2
> Severity: important
> Tags: security
>
> 2015.01.19 18:08:39: Listening on http://0.0.0.0:9999?session=KGB
> 2015.01.19 18:08:43: Connected to freenode (holmes.freenode.net)
> 2015.01.19 18:08:43: Joining #commits...
> 2015.01.19 18:08:43: Connected to oftc (graviton.oftc.net)
> 2015.01.19 18:08:43: Joining #ikiwiki #vcs-home #git-annex...
> Did not get DONE/CLOSE event for Wheel ID 73 from IP 222.186.34.155 at
> /usr/share/perl5/POE/Component/Server/SimpleHTTP.pm line 221.
> I had a problem posting to event Got_Request of session SOAPServer for
> DIR handler '.*'. As reported by Kernel: 'No such file or directory',
> perhaps the session name is spelled incorrectly for this handler? at
> /usr/share/perl5/POE/Session.pm line 483.
>
> This has happened to me twice now, and it takes the bot down.
>
> not sure how exploitable this is though.
>
> -- 
> Kurt Seifried -- Red Hat -- Product Security -- Cloud
> PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

Use CVE-2015-1554.

---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ