Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 5 Sep 2016 17:26:06 -0500
From: William Pitcock <nenolod@...eferenced.org>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: CVE ID request: certificate spoofing through
 crafted SASL message in inspircd, charybdis

Hello,

UnrealIRCd is also affected:

https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766

As is Nefarious:

https://github.com/evilnet/nefarious2/commit/f50a84bad996d438e7b31b9e74c32a41e43f8be5

William

On Sun, Sep 4, 2016 at 4:45 PM, Antoine Beaupré <anarcat@...ian.org> wrote:
> inspircd published 2.0.23 that fixes an issue with SASL
> authentication. The details are here:
>
> http://www.inspircd.org/2016/09/03/v2023-released.html
>
> All versions are affected.
>
> Upstream hasn't requested a CVE yet. I told them I would request one
> from here on IRC.
>
> It seems to also affect Charybdis, which fixed the issue in the
> upcoming 3.5.3 release:
>
> https://github.com/charybdis-ircd/charybdis/commit/818a3fda944b26d4814132cee14cfda4ea4aa824
>
> A.
>
> --
> All governments are run by liars and nothing they say should be
> believed.
>                        - I. F. Stone

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ