Bug 26853 - ngircd new security issue CVE-2020-14148
Summary: ngircd new security issue CVE-2020-14148
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2020-06-23 23:53 CEST by David Walser
Modified: 2020-08-21 01:31 CEST (History)
5 users (show)

See Also:
Source RPM: ngircd-25-1.mga7.src.rpm
CVE: CVE-2020-14148
Status comment:


Attachments

Description David Walser 2020-06-23 23:53:45 CEST
Debian-LTS has issued an advisory on June 21:
https://www.debian.org/lts/security/2020/dla-2252

The issue is fixed upstream in 26rc2.

Mageia 7 is also affected.
David Walser 2020-06-23 23:54:01 CEST

CC: (none) => nicolas.salguero
Whiteboard: (none) => MGA7TOO

Comment 1 Nicolas Salguero 2020-06-24 09:42:15 CEST
Suggested advisory:
========================

The updated package fixes a security vulnerability:

The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. (CVE-2020-14148)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14148
https://www.debian.org/lts/security/2020/dla-2252
========================

Updated package in core/updates_testing:
========================
ngircd-25-1.1.mga7

from SRPM:
ngircd-25-1.1.mga7.src.rpm

Source RPM: ngircd-25-2.mga8.src.rpm => ngircd-25-1.mga7.src.rpm
CVE: (none) => CVE-2020-14148
Assignee: bugsquad => qa-bugs
Version: Cauldron => 7
Status: NEW => ASSIGNED
Whiteboard: MGA7TOO => (none)

Comment 2 Herman Viaene 2020-07-03 15:01:50 CEST
MGA7-64 Plasma on Lenovo B50
No installation issues.
Ref bug 11082 for test, but info there is quite sparse.
Attaching the files I edited.
# systemctl start ngircd    
[root@mach5 ~]# systemctl -l status ngircd
● ngircd.service - Next Generation IRC Daemon
   Loaded: loaded (/usr/lib/systemd/system/ngircd.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2020-07-03 14:19:00 CEST; 3s ago
 Main PID: 7703 (ngircd)
    Tasks: 1 (limit: 4915)
   Memory: 704.0K
   CGroup: /system.slice/ngircd.service
           └─7703 /usr/sbin/ngircd -n

Jul 03 14:19:00 mach5.hviaene.thuis systemd[1]: Started Next Generation IRC Daemon.
Jul 03 14:19:00 mach5.hviaene.thuis ngircd[7703]: [7703:3    0] Can't read MOTD file "/etc/ngircd.motd": No such file or dire>
Jul 03 14:19:00 mach5.hviaene.thuis ngircd[7703]: [7703:4    0] No administrative information configured but required by RFC!
Jul 03 14:19:00 mach5.hviaene.thuis ngircd[7703]: [7703:5    0] ngIRCd 25-IPv6+IRCPLUS+PAM+SSL+SYSLOG+TCPWRAP+ZLIB-x86_64/mag>
Jul 03 14:19:00 mach5.hviaene.thuis ngircd[7703]: [7703:6    0] Using configuration file "/etc/ngircd.conf" ...
Jul 03 14:19:00 mach5.hviaene.thuis ngircd[7703]: [7703:6    0] Running as user ngircd(976), group ngircd(968), with PID 7703.
Jul 03 14:19:00 mach5.hviaene.thuis ngircd[7703]: [7703:6    0] Not running with changed root directory.
provided a ngircd.motd file, that got rid of this message.
Tried to connect with Hexchat, but got no further than "Access denied: bad password?"
Not sure whether the channel key file has to be just the <channelname>.key (as attached, or #<channelname>.key. Provided both (just copy and rename the file), but to no avail.

CC: (none) => herman.viaene

Comment 3 Herman Viaene 2020-07-03 15:06:35 CEST
When I try to attach the conf file (15kb) I get: Software error:

Malformed multipart POST: data truncated
Comment 4 Dave Hodgins 2020-08-20 18:40:48 CEST
Started the server with no config changes. Connected to it on 127.0.0.1:6667,
confirming via wireshark that it was responding.

Validating the update.

CC: (none) => davidwhodgins, sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: (none) => MGA7-64-OK

Aurelien Oudelet 2020-08-20 23:23:09 CEST

Keywords: (none) => advisory
CC: (none) => ouaurelien

Comment 5 Mageia Robot 2020-08-21 01:31:46 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0340.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.