Your message dated Sun, 12 Sep 2010 17:17:06 +0000
with message-id <e1ouqas-00021q...@franck.debian.org>
and subject line Bug#595409: fixed in bip 0.8.6-1
has caused the Debian Bug report #595409,
regarding bip can be crashed remotely by unauthenticated users
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
595409: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595409
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: bip
Version: 0.8.2-1
Severity: grave
Tags: security
Unauthenticated users can easily cause a NULL pointer dereference in bip (bip is
listening at localhost:7778):
$ echo USER | telnet localhost 7778
<other window>
==25787== Process terminating with default action of signal 11 (SIGSEGV)
==25787== Access not within mapped region at address 0x0
==25787== at 0x11BE5C: bip_on_event (irc.c:2483)
==25787== by 0x11BF4A: irc_main (irc.c:2554)
==25787== by 0x113A97: main (bip.c:1316)
The NULL pointer dereference happens in this code:
    if (r == ERR_PROTOCOL) {
            mylog(LOG_ERROR, "[%s] Error in protocol, closing...",
                            LINK(lc)->name);
            goto prot_err_lines;
    }
AFAIK this has been reported upstream. However, I haven't talked directly with
any bip developer about this so far.
Cheers,
Uli
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'testing-proposed-updates'), (50, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages bip depends on:
ii  adduser      3.112     add and remove users and groups
ii  libc6        2.11.2-2  Embedded GNU C Library: Shared lib
ii  libssl0.9.8  0.9.8o-2  SSL shared libraries
ii  lsb-base     3.2-23.1  Linux Standard Base 3.2 init scrip
bip recommends no packages.
bip suggests no packages.
-- Configuration Files:
/etc/bip.conf [Errno 13] Keine Berechtigung: u'/etc/bip.conf'
-- no debconf information
--- End Message ---
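The failure pattern described in the report above, next to a hardened form, as an added example that is not bip's code and not the upstream fix. It assumes the per-connection link pointer is unset until a client has authenticated; the structs, the toy parser and the function names are hypothetical.

```c
/* Added illustration: names are hypothetical, not taken from bip's source. */
#include <stdio.h>
#include <string.h>

#define ERR_PROTOCOL (-1)

struct link { const char *name; };   /* per-user network configuration */
struct conn { struct link *link; };  /* assumption: NULL until login succeeds */

/* Toy parser (assumption): a USER line without parameters is malformed. */
static int parse_line(const char *line)
{
    if (strncmp(line, "USER", 4) == 0 && strchr(line, ' ') == NULL)
        return ERR_PROTOCOL;
    return 0;
}

/* Pattern from the report: the error path assumes c->link is always set. */
int on_line_unsafe(struct conn *c, const char *line, char *log, size_t n)
{
    int r = parse_line(line);
    if (r == ERR_PROTOCOL)
        snprintf(log, n, "[%s] Error in protocol, closing...",
                 c->link->name);     /* NULL dereference before login */
    return r;
}

/* Hardened: a pre-auth connection has no link, so log a placeholder. */
int on_line_safe(struct conn *c, const char *line, char *log, size_t n)
{
    int r = parse_line(line);
    if (r == ERR_PROTOCOL) {
        const char *who = (c && c->link && c->link->name)
                              ? c->link->name : "unauthenticated";
        snprintf(log, n, "[%s] Error in protocol, closing...", who);
    }
    return r;
}

int main(void)
{
    struct conn fresh = { NULL };    /* constructed: client before login */
    char log[128] = "";
    int r = on_line_safe(&fresh, "USER", log, sizeof log);
    printf("r=%d log=%s\n", r, log);
    return 0;
}
```

The point to check in review is every log or cleanup path reachable before authentication, since those are the paths where per-user state has not been attached yet.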
--- Begin Message ---
Source: bip
Source-Version: 0.8.6-1
We believe that the bug you reported is fixed in the latest version of
bip, which is due to be installed in the Debian FTP archive:
bip_0.8.6-1.debian.tar.gz
to main/b/bip/bip_0.8.6-1.debian.tar.gz
bip_0.8.6-1.dsc
to main/b/bip/bip_0.8.6-1.dsc
bip_0.8.6-1_amd64.deb
to main/b/bip/bip_0.8.6-1_amd64.deb
bip_0.8.6.orig.tar.gz
to main/b/bip/bip_0.8.6.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 595...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Arnaud Cornet <acor...@debian.org> (supplier of updated bip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 12 Sep 2010 17:58:22 +0100
Source: bip
Binary: bip
Architecture: source amd64
Version: 0.8.6-1
Distribution: unstable
Urgency: low
Maintainer: Arnaud Cornet <acor...@debian.org>
Changed-By: Arnaud Cornet <acor...@debian.org>
Description:
bip - multiuser irc proxy with conversation replay and more
Closes: 595409
Changes:
bip (0.8.6-1) unstable; urgency=low
.
* New upstream release (Closes: #595409).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkyNBy8ACgkQsk+dgCIlhI5eAQCeMAECtoYTM6kQ1oAnyyfEkChB
XE0AoI1UxJ2oazBLNYGdqxe3ROthS0dc
=a9M/
-----END PGP SIGNATURE-----
--- End Message ---