Your message dated Wed, 15 Apr 2015 21:32:29 +0000
with message-id <e1yiuv7-0007r8...@franck.debian.org>
and subject line Bug#780880: fixed in inspircd 2.0.5-1+deb7u1
has caused the Debian Bug report #780880,
regarding inspircd: CVE-2012-1836 patch incorrect
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
780880: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780880
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: inspircd
Version: 2.0.5-1+b1
Severity: grave
Tags: security
Justification: user security hole

Hi,

I am an upstream maintainer for InspIRCd. The patch you have for CVE-2012-1836
(patches/03_CVE-2012-1836.diff) is not the same patch we released as part of
2.0.7 (there was no 2.0.6) to address the CVE. It appears to be a version of
this commit:
https://github.com/inspircd/inspircd/commit/9aa28f3730fb3dd69c1e06f78bb2bbc43d36c684.
However this commit was never in a release, and was only in git for about 6
days (due to someone other than me pulling it in). I looked at the CVE and
addressed it with two followup commits later.

This commit and your patch do not fix the problem. You can still send
maliciously crafted packets and cause remote code execution. This was fixed in
https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89,
prior to the 2.0.7 release.

Furthermore, your patch introduces a buffer underflow where it has "i =- 12"
and not "i -= 12". This causes it to start reading from before the packet's
buffer. It is unclear to me what this can cause.

Additionally, at the same time I committed
58c893e834ff20495d007709220881a3ff13f423 to prevent malicious packets from
causing InspIRCd to infinite loop. This is not a part of the CVE as it does not
allow remote code execution, but is still a critical problem due to the
potential for denial of service.

You should perhaps apply these two patches on top of your existing ones, or
maybe fetch the dns.cpp file off of 2.0.7 here:
https://github.com/inspircd/inspircd/blob/v2.0.7/src/dns.cpp.
It does not change much.

I would be willing to go through and provide a proper set of patches for this
and other less-severe issues if requested. I do not want to do it up front
because it would be a lot of work, and I am not sure whether or not it would be
accepted. You have a very, very old InspIRCd version, and there is a lot of
stuff to sift through (about 3 years). Let me know.

Thanks,

Adam

--- End Message ---
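
The "i =- 12" versus "i -= 12" difference described in the report above, as an added example that is not InspIRCd's or Debian's code. The cursor name i and the constant 12 come from the report; the function names, the sample payload and the bounds-checked reader are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 12  /* the constant from the report */

/* The typo: "=-" tokenizes as '=' followed by unary '-', so i becomes -12
 * regardless of the value it held before. */
int rebase_typo(int i)  { i =- HDR_LEN; return i; }

/* The intended compound assignment: i = i - 12. */
int rebase_fixed(int i) { i -= HDR_LEN; return i; }

/* Bounds-checked big-endian 16-bit read from a buffer of len bytes.
 * Returns 0 and stores the value, or -1 if off lies outside the buffer.
 * Without the off < 0 test, buf[-12] would read memory before the buffer. */
int read_u16(const uint8_t *buf, size_t len, int off, uint16_t *out)
{
    if (off < 0 || len < 2 || (size_t)off > len - 2)
        return -1;
    *out = (uint16_t)((buf[off] << 8) | buf[off + 1]);
    return 0;
}

/* Constructed sample: 16-byte payload with 0xBEEF at payload offset 8. */
static const uint8_t sample_payload[16] = {
    0, 0, 0, 0, 0, 0, 0, 0, 0xBE, 0xEF, 0, 0, 0, 0, 0, 0
};

/* Rebase a cursor by 12 bytes, then read the field it points at. */
int read_field(int cursor, int use_typo, uint16_t *out)
{
    int i = use_typo ? rebase_typo(cursor) : rebase_fixed(cursor);
    return read_u16(sample_payload, sizeof sample_payload, i, out);
}

int main(void)
{
    uint16_t v = 0;
    int rc = read_field(20, 1, &v);
    printf("typo:  i=%d rc=%d (rejected)\n", rebase_typo(20), rc);
    rc = read_field(20, 0, &v);
    printf("fixed: i=%d rc=%d v=0x%04X\n", rebase_fixed(20), rc, (unsigned)v);
    return 0;
}
```
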
--- Begin Message ---
Source: inspircd
Source-Version: 2.0.5-1+deb7u1

We believe that the bug you reported is fixed in the latest version of
inspircd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 780...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guillaume Delacour <g...@iroqwa.org> (supplier of updated inspircd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 25 Mar 2015 22:32:45 +0000
Source: inspircd
Binary: inspircd inspircd-dbg
Architecture: source amd64
Version: 2.0.5-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian IRC Team <pkg-irc-maintain...@lists.alioth.debian.org>
Changed-By: Guillaume Delacour <g...@iroqwa.org>
Description: 
 inspircd   - Modular IRCd written in C++
 inspircd-dbg - Modular IRCd written in C++ - debugging symbols
Closes: 780880
Changes: 
 inspircd (2.0.5-1+deb7u1) wheezy-security; urgency=high
 .
   * CVE-2012-1836 was partially fixed; refresh 03_CVE-2012-1836 patch by
     importing 2.0.7 src/dns.cpp changes (Closes: #780880)


--- End Message ---
