Your message dated Wed, 22 Sep 2010 08:32:50 +0000
with message-id <e1oykl0-0001vc...@franck.debian.org>
and subject line Bug#595409: fixed in bip 0.8.2-1squeeze2
has caused the Debian Bug report #595409,
regarding bip can be crashed remotely by unauthenticated users
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
595409: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595409
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: bip
Version: 0.8.2-1
Severity: grave
Tags: security

Unauthenticated users can easily cause a NULL pointer dereference in bip (bip is
listening at localhost:7778):

$ echo USER | telnet localhost 7778

<other window>

==25787== Process terminating with default action of signal 11 (SIGSEGV)
==25787==  Access not within mapped region at address 0x0
==25787==    at 0x11BE5C: bip_on_event (irc.c:2483)
==25787==    by 0x11BF4A: irc_main (irc.c:2554)
==25787==    by 0x113A97: main (bip.c:1316)

The NULL pointer dereference happens in this code:

    if (r == ERR_PROTOCOL) {
        mylog(LOG_ERROR, "[%s] Error in protocol, closing...",
                LINK(lc)->name);
        goto prot_err_lines;
    }

AFAIK this has been reported upstream. However, I haven't talked directly with
any bip developer about this so far.

Cheers,
Uli

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-proposed-updates'), (50, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages bip depends on:
ii  adduser                       3.112      add and remove users and groups
ii  libc6                         2.11.2-2   Embedded GNU C Library: Shared lib
ii  libssl0.9.8                   0.9.8o-2   SSL shared libraries
ii  lsb-base                      3.2-23.1   Linux Standard Base 3.2 init scrip

bip recommends no packages.

bip suggests no packages.

-- Configuration Files:
/etc/bip.conf [Errno 13] Keine Berechtigung: u'/etc/bip.conf'

-- no debconf information



--- End Message ---
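
Added example (not bip's code and not the patch shipped in 0.8.2-1squeeze2): a simplified C model of the error path quoted in the report, with a guard so that logging a protocol error never dereferences a missing link. The struct layout and the names conn_label(), dispatch() and handle_line() are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for bip's structures; the layout is an assumption. */
struct link { const char *name; };
/* Assumed: link stays NULL until the client has authenticated. */
struct link_client { struct link *link; };
#define LINK(lc) ((lc)->link)

enum { OK = 0, ERR_PROTOCOL = -1 };

/* Hypothetical helper: a label that is safe to log at any connection stage. */
static const char *conn_label(const struct link_client *lc)
{
    if (lc == NULL || LINK(lc) == NULL || LINK(lc)->name == NULL)
        return "unauthenticated";
    return LINK(lc)->name;
}

/* Toy dispatcher: a command sent without parameters is a protocol error. */
static int dispatch(const char *line)
{
    const char *sp = strchr(line, ' ');
    return (sp != NULL && sp[1] != '\0') ? OK : ERR_PROTOCOL;
}

/* Error path modelled on the snippet in the report, with the guard added.
 * Writes the log line into buf and returns the dispatch result. */
int handle_line(const struct link_client *lc, const char *line,
                char *buf, size_t buflen)
{
    int r = dispatch(line);
    buf[0] = '\0';
    if (r == ERR_PROTOCOL)
        snprintf(buf, buflen, "[%s] Error in protocol, closing...",
                 conn_label(lc));
    return r;
}

int main(void)
{
    struct link_client fresh = { NULL };  /* constructed: not yet authenticated */
    char buf[96];
    handle_line(&fresh, "USER", buf, sizeof buf);
    puts(buf);
    return 0;
}
```
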
--- Begin Message ---
Source: bip
Source-Version: 0.8.2-1squeeze2

We believe that the bug you reported is fixed in the latest version of
bip, which is due to be installed in the Debian FTP archive:

bip_0.8.2-1squeeze2.diff.gz
  to main/b/bip/bip_0.8.2-1squeeze2.diff.gz
bip_0.8.2-1squeeze2.dsc
  to main/b/bip/bip_0.8.2-1squeeze2.dsc
bip_0.8.2-1squeeze2_amd64.deb
  to main/b/bip/bip_0.8.2-1squeeze2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 595...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre-Louis Bonicoli <pierre-louis.bonic...@gmx.fr> (supplier of updated bip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 13 Sep 2010 01:06:26 +0200
Source: bip
Binary: bip
Architecture: source amd64
Version: 0.8.2-1squeeze2
Distribution: testing-proposed-updates
Urgency: low
Maintainer: Pierre-Louis Bonicoli <pierre-louis.bonic...@gmx.fr>
Changed-By: Pierre-Louis Bonicoli <pierre-louis.bonic...@gmx.fr>
Description: 
 bip        - multiuser irc proxy with conversation replay and more
Closes: 595409
Changes: 
 bip (0.8.2-1squeeze2) testing-proposed-updates; urgency=low
 .
   * New maintainer (with Nohar's blessing).
   * Fix CVE-2010-3071: null pointer dereference (remote DoS). (Closes: #595409)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkyZumMACgkQsk+dgCIlhI6Y2QCeJRyGcLLweOLlIzjhppx8BWAq
AJYAmwaParo9GlkhFBVumVg0k8yoDm2I
=g0CZ
-----END PGP SIGNATURE-----



--- End Message ---
