Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 29 Dec 2015 11:31:04 -0500 (EST)
From: cve-assign@...re.org
To: feld@...d.me
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Inspircd <2.0.19 DoS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Inspircd <2.0.19 has a DoS caused by PTR lookup of connecting users.

> From their changelog: "...including a fix for a bug which allowed
> malformed DNS records to cause netsplits on a network. Triggering this
> issue is non-trivial and it may not occur in all circumstances, but all
> users are advised to upgrade."

> http://www.inspircd.org/2015/04/16/v2019-released.html
> https://github.com/inspircd/inspircd/commit/6058483d9fbc1b904d5ae7cfea47bfcde5c5b559

>> src/dns.cpp

>> if (resultstr.find_first_not_of("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-") != std::string::npos)

>> "Invalid char(s) in reply"

Use CVE-2015-8702.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWgrTBAAoJEL54rhJi8gl5aIEP/2g9jqgkUoPvyEMPgZIITKYx
tWXKCweTow3+G5fIkMMYiPZhwBqc5eGG6JS0fGOjFWb5+WLvtnTZh8I2xZrYJ4QF
uOgbvky3WJ73WjmoPkEfv6VGIAjyRx3eVDvdZkng4vmnDciIM0DF/9JQxTMUuI/5
MdegRN6O9frCcFBcBThK8F+cTSeOwG6dHRc9IQfYvIVYm8ZummOZz0dSS5b8Zd4y
+/cUeVmlkZrAEBf3t9REzK1JjiYbmlMXSsuyHdYcYIAE57VJG335EAVTA91BgkBG
GI5DZBJC8yvsR5rCnYy9USWJdvzWmhL9/Ij77ODzC4kwpI8tiU0VXW0FXA1KOdI1
UWcWeSlhTKidJTpcPA/dcDyZ1g8CYZsjNdvl04Ma+SGYncMI/oUNFx1Mqixr1o1Z
+npuV0JtTk1dyc+YXXVLptR8wpyiBe+t7Y+Vpw2Ul1YG/itz4tQXPa+/APmcxezy
aAQGEfEBMUYIQ9vuJ0N+VJSqQ70w74QS6m1Da9QENjPO6OpAWDeNApMsybv/aWGT
xgMr+np6EMAImvwCHJ5YMwUIj3d0G8ZKVjgPBOokauX8ueM5h6byeyUalptcYxtl
fvpNjfIGxBtDxRullUEDYfXYpenhKnP8/aPcvp+MjBBz0Ml2LJI1+Yi8nxs1qlO/
JWH+/E/bYvFwwqR8JnH0
=GVyG
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ