ngIRCd 20.3 (2013-08-23) - This release is a bugfix release only, without new features. - Security: Fix a denial of service bug (server crash) which could happen when the configuration option "NoticeAuth" is enabled (which is NOT the default) and ngIRCd failed to send the "notice auth" messages to new clients connecting to the server (CVE-2013-5580). Reproducible: Steps to Reproduce:
ngircd-20.3-1.mga3 and ngircd-20.3-1.mga4 has been submitted where this is fixed.
https://bugzilla.redhat.com/show_bug.cgi?id=1000690
http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000645.html
Assigning to QA. Advisory: ======================== Updated ngircd package fixes security vulnerability: Denial of service bug (server crash) in ngIRCd before 20.3 which could happen when the configuration option "NoticeAuth" is enabled (which is NOT the default) and ngIRCd failed to send the "notice auth" messages to new clients connecting to the server (CVE-2013-5580). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5580 http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000645.html http://ngircd.barton.de/news.php.en ======================== Updated packages in core/updates_testing: ======================== ngircd-20.3-1.mga3 from ngircd-20.3-1.mga3.src.rpm
CC: (none) => luigiwalserAssignee: bugsquad => qa-bugs
Testing complete mga3 64 After doing some basic config in /etc/ngircd.conf including setting PAM = no, connected to localhost with an irc client and joined a channel. With PAM = yes which appears to be the default if it is commented out then it fails to connect. Starting with 'ngircd -n' shows pam authentication failure when trying to connect.
Whiteboard: (none) => has_procedure mga3-64-ok
Testing complete mga3 32
Whiteboard: has_procedure mga3-64-ok => has_procedure mga3-64-ok mga3-32-ok
Validating. Advisory from comment 4 uploaded. Could sysadmin please push from 3 core/updates_testing to updates Thanks!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2013-0265.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/565571/
For reference. I got a mail with this today, but still (2013-10-02) flagged as RESERVED at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5580 ====================================================== Name: CVE-2013-5580 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5580 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130823 Category: Reference: MLIST:[ngircd-ml] 20130823 ngIRCd 20.3 Reference: URL:http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000645.html Reference: CONFIRM:http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git;a=commit;h=309122017ebc6fff039a7cab1b82f632853d82d5 Reference: CONFIRM:http://freecode.com/projects/ngircd/releases/357245 Reference: FEDORA:FEDORA-2013-15278 Reference: URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115077.html Reference: FEDORA:FEDORA-2013-15290 Reference: URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115047.html Reference: OSVDB:96590 Reference: URL:http://osvdb.org/96590 Reference: SECUNIA:54567 Reference: URL:http://secunia.com/advisories/54567 The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code for the Handle_Write function, which allows remote attackers to cause a denial of service (assertion failure and server crash) via unspecified vectors, related to a "notice auth" message not being sent to a new client.