Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 12 Dec 2015 22:15:25 -0500 (EST)
From: cve-assign@...re.org
To: pierre@...ctos.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: Remote DoS in Quassel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Any client sending the command "/op *" in a query will cause the Quassel
> core to crash.
> 
> https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7

>> src/core/coreuserinputhandler.cpp
>> 
>> CoreUserInputHandler::doMode
>> 
>> - if (nicks == "*") { // All users in channel
>> + if (nicks == "*" && bufferInfo.type() == BufferInfo::ChannelBuffer) { // All users in channel

Use CVE-2015-8547.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWbOHTAAoJEL54rhJi8gl5KiYP/0eSHJkLoJoBfBr/ZgnkNfoz
1Uuz+n9AKamkpQvS780X4eABVjsByf0hhz4G/QnZb5u4cQzlCi403q3kBROb/mbz
8hTWYSJKSIwxNT501Go6CPFbL3aP0oIOl1PF6BiV8BCRN7MVTPlkoYH4WfbnhZP9
0mknvcmKFF9XvRuIHfrVb/QhDMTvXo3xeyXs5pDtOqKLulScS5xktpM9y4YixtP4
OimugFmh7/IzYjKOh7D9Z3qnMmzGyteo6aA1Fe+qkbxDFEDVI9cE4qHgM0bA0xlM
jcblzgfkhgXwh5jeqSikeW3xiTs5ixRvDDKtuo6QIknCR6w+EE/3IGhkmfjIWcGP
jRfjGLTgKmLZVpyeTRo9Bo8QhP6n7y/O4iWmxMB9VvBzZUTxmjGb22uM0EPe8IfL
efwa7MiY8ccExmgbAh7rqpWEq5O0rDM8EC3YWOXyz54wZ6Szw3TMdk5Ql7P7rtG0
d70b9iq9TdndyzSCz//ol7d9YPvm3zU+wMLYQuSoLtzCHb74qlp9aJWh/+EK0qKr
w0eNSBfgzp/UfBFN+tmrySu0uzXio9hyOtmIdZTStJ6u7nPry0ZZHFYlHkFDqPZD
IhZYQaJbXwBQ6o+rcdU/dt6y8pL6k2xFjimwRtE+regiCXLI08XpetqO25INRyN2
QAR9gUDfDaKbhCtVBLld
=XTOC
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ