Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 14 Jun 2010 15:44:01 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: UnrealIRCd 3.2.8.1 source code
 contained a backdoor allowing for remote command execution

Please use CVE-2010-2075 for this.

Thanks.

-- 
    JB


----- "Alex Legler" <a3li@...too.org> wrote:

> Hi.
> 
> Quoting http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt:
> 
> "We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has
> been
> replaced quite a while ago with a version with a backdoor (trojan) in
> it. This backdoor allows a person to execute ANY command with the
> privileges of the user running the ircd. The backdoor can be executed
> regardless of any user restrictions (so even if you have passworded
> server or hub that doesn't allow any users in)."
> 
> Basically, a system() call was injected into the source code,
> disguised
> as a debug/log macro.
> 
> Filed in Gentoo as https://bugs.gentoo.org/show_bug.cgi?id=323691
> I have a diff of the 'bad' version against the 'good' version. If
> needed, please contact me.
> 
> Please assign a CVE.
> 
> Thanks,
> Alex
> 
> -- 
> Alex Legler | Gentoo Security / Ruby
> a3li@...too.org | a3li@...ber.ccc.de

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.