Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 201201-18 ] bip: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Veteran
Veteran


Joined: 12 May 2004
Posts: 1471

PostPosted: Mon Jan 30, 2012 1:26 pm    Post subject: [ GLSA 201201-18 ] bip: Multiple vulnerabilities Reply with quote

Gentoo Linux Security Advisory

Title: bip: Multiple vulnerabilities (GLSA 201201-18)
Severity: high
Exploitable: remote
Date: January 30, 2012
Bug(s): #336321, #400599
ID: 201201-18

Synopsis

Multiple vulnerabilities in bip might allow remote unauthenticated
attackers to cause a Denial of Service or possibly execute arbitrary code.


Background

bip is a multi-user IRC proxy with SSL support.

Affected Packages

Package: net-irc/bip
Vulnerable: < 0.8.8-r1
Unaffected: >= 0.8.8-r1
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in bip:
  • Uli Schlachter reported that bip does not properly handle invalid
    data during authentication, resulting in a daemon crash
    (CVE-2010-3071).
  • Julien Tinnes reported that bip does not check the number of open
    file descriptors against FD_SETSIZE, resulting in a stack buffer
    overflow (CVE-2012-0806).


Impact

A remote attacker could exploit these vulnerabilities to execute
arbitrary code with the privileges of the user running the bip daemon, or
cause a Denial of Service condition.


Workaround

There is no known workaround at this time.

Resolution

All bip users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=net-irc/bip-0.8.8-r1"
   
NOTE: The CVE-2010-3071 flaw was already corrected in an earlier version
of bip and is included in this advisory for completeness.


References

CVE-2010-3071
CVE-2012-0806
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum