Please see attached the debdiff. Also, please note that I can't upload myself to security-master as I'm not a DD nor DM.
On 06/09/2016 at 00:02, Guillaume Delacour wrote:
>
>
> On 05/09/2016 at 22:41, James Lu wrote:
>> Hi,
>
> Hi,
>
>>
>> Just to narrow things down a bit, the relevant fix for InspIRCd 2.0 is
>> this commit
>> https://github.com/inspircd/inspircd/commit/74fafb7f11b06747f69f182ad5e3769b665eea7a
>
> Yes, I've talked to upstream a few hours ago to include this particular
> fix to 2.0.17; upload of 2.0.23 will follow to unstable.
>
>>
>> Best,
>> James
>>
>

-- 
Guillaume Delacour
diff -Nru inspircd-2.0.17/debian/changelog inspircd-2.0.17/debian/changelog --- inspircd-2.0.17/debian/changelog 2016-03-22 19:31:22.000000000 +0100 +++ inspircd-2.0.17/debian/changelog 2016-09-06 21:29:13.000000000 +0200 @@ -1,3 +1,10 @@ +inspircd (2.0.17-1+deb8u2) jessie-security; urgency=high + + * m_sasl: don't allow AUTHENTICATE with mechanisms with a space + (CVE-2016-7142) + + -- Guillaume Delacour <g...@iroqwa.org> Tue, 06 Sep 2016 01:58:19 +0200 + inspircd (2.0.17-1+deb8u1) jessie-security; urgency=high * Non-maintainer upload by the Wheezy LTS Team. diff -Nru inspircd-2.0.17/debian/patches/CVE-2016-7142.patch inspircd-2.0.17/debian/patches/CVE-2016-7142.patch --- inspircd-2.0.17/debian/patches/CVE-2016-7142.patch 1970-01-01 01:00:00.000000000 +0100 +++ inspircd-2.0.17/debian/patches/CVE-2016-7142.patch 2016-09-06 21:29:13.000000000 +0200 
@@ -0,0 +1,31 @@ +From 74fafb7f11b06747f69f182ad5e3769b665eea7a Mon Sep 17 00:00:00 2001 +From: Adam <a...@anope.org> +Date: Fri, 2 Sep 2016 22:57:03 -0400 +Subject: [PATCH] m_sasl: don't allow AUTHENTICATE with mechanisms with a space + +--- + src/modules/m_sasl.cpp | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp +index 9cb5592..16a1535 100644 +--- a/src/modules/m_sasl.cpp ++++ b/src/modules/m_sasl.cpp +@@ -189,6 +189,7 @@ class CommandAuthenticate : public Command + : Command(Creator, "AUTHENTICATE", 1), authExt(ext), cap(Cap) + { + works_before_reg = true; ++ allow_empty_last_param = false; + } + + CmdResult Handle (const std::vector<std::string>& parameters, User *user) +@@ -199,6 +200,9 @@ class CommandAuthenticate : public Command + if (!cap.ext.get(user)) + return CMD_FAILURE; + ++ if (parameters[0].find(' ') != std::string::npos || parameters[0][0] == ':') ++ return CMD_FAILURE; ++ + SaslAuthenticator *sasl = authExt.get(user); + if (!sasl) + authExt.set(user, new SaslAuthenticator(user, parameters[0])); diff -Nru inspircd-2.0.17/debian/patches/series inspircd-2.0.17/debian/patches/series --- inspircd-2.0.17/debian/patches/series 2016-03-22 19:29:23.000000000 +0100 +++ inspircd-2.0.17/debian/patches/series 2016-09-06 22:55:05.000000000 +0200 @@ -2,3 +2,4 @@ 01_dpkg-buildflags_support.diff 03_gnutls_crypt_api_instead_gcrypt.diff CVE-2015-8702.patch +CVE-2016-7142.patch
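Review bot: in the second m_sasl.cpp hunk (Handle), the new test `parameters[0].find(' ') != std::string::npos || parameters[0][0] == ':'` does not reject an empty parameters[0]; an empty string passes both conditions and would go on to `new SaslAuthenticator(user, parameters[0])`. The patch appears to rely on `allow_empty_last_param = false` from the constructor hunk to keep that case out, so the two changes only work together. Suggest either adding an explicit `parameters[0].empty()` condition to the same `if`, or a short comment in Handle saying that the constructor setting is what guarantees a non-empty first parameter, so that a later change to one hunk does not silently weaken the other.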
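Review bot: the header of the new debian/patches/CVE-2016-7142.patch carries only the git From/Date/Subject lines, and the Subject does not mention the CVE. Consider adding a short description line naming CVE-2016-7142 and an Origin field pointing at the upstream commit whose hash is in the first From line, so the patch file documents what it fixes and where it came from without the reader needing debian/changelog.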