Bug 9001 - ircd-hybrid new security issue CVE-2013-0238
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: i586 Linux
: Normal Severity: normal
: ---
Assigned To: QA Team
: http://lwn.net/Vulnerabilities/536989/
: has_procedure mga2-32-ok mga2-64-ok
: validated_update
Reported: 2013-02-08 19:12 CET by David Walser
Modified: 2013-02-16 20:31 CET

See Also:
Source RPM: ircd-hybrid-7.2.3-10.mga2.src.rpm
CVE:


Attachments
systemd.log_level=debug (26.08 KB, text/plain)
2013-02-13 10:01 CET, claire robinson

Description David Walser 2013-02-08 19:12:22 CET
Debian has issued an advisory on February 7:
http://www.debian.org/security/2013/dsa-2618

Patched package uploaded for Mageia 2 and Cauldron.

Side note: not sure I really believe the name of the person that reported it.

Advisory:
========================

Updated ircd-hybrid packages fix security vulnerability:

Bob Nomnomnom reported a Denial of Service vulnerability in IRCD-Hybrid, an
Internet Relay Chat server. A remote attacker may use an error in the masks
validation and crash the server (CVE-2013-0238).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0238
http://www.debian.org/security/2013/dsa-2618
========================

Updated packages in core/updates_testing:
========================
ircd-hybrid-7.2.3-10.1.mga2
ircd-hybrid-devel-7.2.3-10.1.mga2

from ircd-hybrid-7.2.3-10.1.mga2.src.rpm
Comment 1 claire robinson 2013-02-08 19:49:36 CET
No PoCs that I can find
Comment 2 claire robinson 2013-02-12 16:22:09 CET
Testing existing version, there is a problem starting the service.

tail /var/log/syslog

ircd-hybrid[10865]: Starting IRCd Server:ircd: version hybrid-7.2.3
ircd-hybrid[10865]: ircd: pid 10895
ircd-hybrid[10865]: ircd: running in background mode from /usr
ircd-hybrid[10865]: [  OK  ]
systemd[1]: PID file /var/run/ircd-hybrid/ircd-hybrid.pid not readable (yet?) after start.
systemd[1]: Unit ircd-hybrid.service entered failed state.

It leaves the lock file in place but doesn't create the pid file systemd is looking for.

# ll /var/lock/subsys/ircd-hybrid
-rw-r--r-- 1 root root 0 Feb 12 15:09 /var/lock/subsys/ircd-hybrid

# ll /var/run/ircd-hybrid/ircd-hybrid.pid
ls: cannot access /var/run/ircd-hybrid/ircd-hybrid.pid: No such file or directory

Listen is set to port=6667;

# netstat -ant | grep 666
# ps aux | grep irc

Both show nothing relevant, so it is not starting.
Comment 3 claire robinson 2013-02-12 16:46:39 CET
The updated package is the same.
Comment 4 Colin Guthrie 2013-02-12 16:51:59 CET
Hmm, I thought I fixed the pid file issue a long time ago... (I use this package myself).

/me wonders if he needs to slap himself for not fixing it properly upstream :s
Comment 5 claire robinson 2013-02-12 16:52:58 CET
Shall we form an orderly queue? ;)
Comment 6 Colin Guthrie 2013-02-12 16:58:31 CET
Hmm, can't find any modifications to the package installed here and it works fine for me on mga2.

Can you double check that the folder /var/run/ircd-hybrid exists? As this is mga2 this should be a regular filesystem and thus not need any tmpfiles - it's just part of the package.
Comment 7 Colin Guthrie 2013-02-12 17:00:12 CET
Some random output on my machine:

[colin@summit ~]$ ll /var/run/ircd-hybrid
total 4
-rw------- 1 ircd-hybrid ircd-hybrid 5 Dec 17 10:13 ircd-hybrid.pid
[colin@summit ~]$ ll -d /var/run/ircd-hybrid
drwxr-xr-x 2 ircd-hybrid ircd-hybrid 4096 Dec 17 10:13 /var/run/ircd-hybrid/
[colin@summit ~]$ rpm -q ircd-hybrid
ircd-hybrid-7.2.3-10.mga2
[colin@summit ~]$ rpm -ql ircd-hybrid| grep var/run
/var/run/ircd-hybrid
[colin@summit ~]$ rpm -V ircd-hybrid
[colin@summit ~]$
Comment 8 claire robinson 2013-02-12 17:07:06 CET
It does exist, yes. I'll try on another machine but I'm fairly sure this is the first time I've installed this package.

# ll -d /var/run/ircd-hybrid/
drwxr-xr-x 2 ircd-hybrid ircd-hybrid 4096 Feb  8 18:02 /var/run/ircd-hybrid//
Comment 9 Colin Guthrie 2013-02-12 17:12:03 CET
When starting it, can you try with "systemctl --no-block start ircd-hybrid.service" then very soon after try "systemctl status ircd-hybrid.service"

I'd expect to see the daemon started and working, but only later being killed by systemd because it's not written its pid file.

When it's in this starting state, check the Status output and double check if any kind of pid file is written (either where it should be written or something similar).
Comment 10 claire robinson 2013-02-12 17:20:19 CET
# systemctl --no-block start ircd-hybrid.service
# systemctl status ircd-hybrid.service
ircd-hybrid.service - LSB: Internet Relay Chat Server
          Loaded: loaded (/etc/rc.d/init.d/ircd-hybrid)
          Active: failed (Result: resources) since Tue, 12 Feb 2013 16:19:21 +0000; 10s ago
         Process: 14402 ExecStart=/etc/rc.d/init.d/ircd-hybrid start (code=exited, status=0/SUCCESS)
          CGroup: name=systemd:/system/ircd-hybrid.service
Comment 11 claire robinson 2013-02-12 17:24:01 CET
The same commands on a fresh computer allow it to start, Colin.
Comment 12 claire robinson 2013-02-12 17:25:43 CET
In fact, on a computer I installed i586 on a week or two ago, which hasn't been used much for testing, it does start OK anyway.
Comment 13 claire robinson 2013-02-12 17:33:19 CET
Trying this one again mga2 64

# service ircd-hybrid stop
Stopping ircd-hybrid (via systemctl):                                  [  OK  ]
# systemctl stop ircd-hybrid.service
# service ircd-hybrid stop
Stopping ircd-hybrid (via systemctl):                                  [  OK  ]
# service ircd-hybrid stop
Stopping ircd-hybrid (via systemctl):                                  [  OK  ]

# ll /var/run/ircd-hybrid/
total 0

# ll /var/lock/subsys/ircd-hybrid
-rw-r--r-- 1 root root 0 Feb 12 15:09 /var/lock/subsys/ircd-hybrid
# rm -f /var/lock/subsys/ircd-hybrid
# ll /var/lock/subsys/ircd-hybrid
ls: cannot access /var/lock/subsys/ircd-hybrid: No such file or directory

# ps aux | grep hybrid
root     15007  0.0  0.0   9680   880 pts/2    S+   16:30   0:00 grep --color hybrid

# systemctl --no-block start ircd-hybrid.service
# systemctl status ircd-hybrid.service
ircd-hybrid.service - LSB: Internet Relay Chat Server
          Loaded: loaded (/etc/rc.d/init.d/ircd-hybrid)
          Active: failed (Result: resources) since Tue, 12 Feb 2013 16:31:52 +0000; 7s ago
         Process: 15083 ExecStart=/etc/rc.d/init.d/ircd-hybrid start (code=exited, status=0/SUCCESS)
          CGroup: name=systemd:/system/ircd-hybrid.service

ircd-hybrid[15083]: Starting IRCd Server:ircd: version hybrid-7.2.3
ircd-hybrid[15083]: ircd: pid 15112
ircd-hybrid[15083]: ircd: running in background mode from /usr
ircd-hybrid[15083]: [  OK  ]

# ps aux | grep hybrid
root     15173  0.0  0.0   9680   880 pts/2    S+   16:33   0:00 grep --color hybrid
Comment 14 Colin Guthrie 2013-02-12 17:49:47 CET
The failure of "Result: resources" is the interesting bit.

Smells like something else is up with that machine to cause the failure.

Can you turn systemd into debug mode (either via rebooting and appending systemd.log_level=debug or by doing a kill to PID 1 with an appropriate signal (I forget which but it's in the man page))?

Then after trying to start the unit, there should be some info about why it failed due to "resources" in the "journalctl -f" output (assuming you have it running in another shell).

Of course if you've not rebooted it in a while, then perhaps just try that?

Also what kernel is this? Is it the regular desktop one? Might be some missing module somewhere that is needed (tho' rather unlikely) if it's not the desktop one.
Comment 15 claire robinson 2013-02-12 19:01:28 CET
I'll try the reboot bit in the morning, Colin, if that's ok.

# uname -r
3.4.24-desktop-3.mga2
Comment 16 claire robinson 2013-02-12 19:58:57 CET
Testing complete mga2 32

Installed and started the service then connected to localhost with an irc client.

[18:56] [Info] Looking for server localhost (port 6667)...
[18:56] [Info] Server found, connecting...
[18:56] [Info] Connected; logging in...
[18:56] [Notice] -some-a.server- *** Looking up your hostname...
[18:56] [Notice] -some-a.server- *** Checking Ident
[18:56] [Notice] -some-a.server- *** No Ident response
[18:56] [Notice] -some-a.server- *** Found your hostname
[18:56] [Welcome] Welcome to the ExampleNet Internet Relay Chat Network clairer
[18:56] [Welcome] Your host is some-a.server[0.0.0.0/6667], running version hybrid-7.2.3
[18:56] [Welcome] This server was created Apr 29 2012 at 15:25:52
[18:56] [Welcome] Server some-a.server (Version hybrid-7.2.3), User modes: CDGabcdfgiklnorsuwxyz, Channel modes: biklmnopstveI
...etc
Comment 17 claire robinson 2013-02-13 10:01:09 CET
Created attachment 3514 [details]
systemd.log_level=debug

After clearing /etc/ircd-hybrid, the lock file and /var/run/ircd-hybrid, attaching journalctl -fa. 

It spans from just after mgaapplet ran and found some updates to where I did systemctl start ircd-hybrid.service so I'm not certain where one ends and the other begins. I think most of it belongs with mgaapplet.

Could the Resources reason be to do with the lock file which is left behind when it fails to start?

# ll /var/lock/subsys/ircd-hybrid
-rw-r--r-- 1 root root 0 Feb 13 08:44 /var/lock/subsys/ircd-hybrid

# ps aux | grep hybrid
Shows nothing.

# systemctl status ircd-hybrid.service
ircd-hybrid.service - LSB: Internet Relay Chat Server
          Loaded: loaded (/etc/rc.d/init.d/ircd-hybrid)
          Active: failed (Result: resources) since Wed, 13 Feb 2013 08:59:38 +0000; 34s ago
         Process: 19756 ExecStart=/etc/rc.d/init.d/ircd-hybrid start (code=exited, status=0/SUCCESS)
          CGroup: name=systemd:/system/ircd-hybrid.service

Feb 13 08:59:38 mega ircd-hybrid[19756]: Starting IRCd Server:ircd: version hybrid-7.2.3
Feb 13 08:59:38 mega ircd-hybrid[19756]: ircd: pid 19785
Feb 13 08:59:38 mega ircd-hybrid[19756]: ircd: running in background mode from /usr
Feb 13 08:59:38 mega ircd-hybrid[19756]: [  OK  ]
Comment 18 claire robinson 2013-02-13 10:04:47 CET
Also, could /usr be the issue

ircd-hybrid[19756]: ircd: running in background mode from /usr

# grep ircd-hybrid /etc/passwd
ircd-hybrid:x:458:458:system user for ircd-hybrid:/var/lib/ircd-hybrid:/bin/false
Comment 19 Colin Guthrie 2013-02-13 10:46:09 CET
It should have nothing to do with /usr (and it's really just confusing that it prints that in its log if you ask me - I guess it's probably the developers wanting to make sure their local install test version in /usr/local is definitely the one they are running).


The interesting bits from the log are:

Feb 13 08:44:59 mega systemd[1]: Received SIGCHLD from PID 8656 (ircd-hybrid).
Feb 13 08:44:59 mega systemd[1]: Got SIGCHLD for process 8656 (ircd-hybrid)
Feb 13 08:44:59 mega systemd[1]: Child 8656 died (code=exited, status=0/SUCCESS)
Feb 13 08:44:59 mega systemd[1]: Child 8656 belongs to ircd-hybrid.service
Feb 13 08:44:59 mega systemd[1]: ircd-hybrid.service: control process exited, code=exited status=0
Feb 13 08:44:59 mega systemd[1]: ircd-hybrid.service got final SIGCHLD for state start
Feb 13 08:44:59 mega systemd[1]: PID file /var/run/ircd-hybrid/ircd-hybrid.pid not readable (yet?) after start.
Feb 13 08:44:59 mega systemd[1]: Setting watch for ircd-hybrid.service's PID file /var/run/ircd-hybrid/ircd-hybrid.pid
Feb 13 08:44:59 mega systemd[1]: Stopping watch for ircd-hybrid.service's PID file /var/run/ircd-hybrid/ircd-hybrid.pid
Feb 13 08:44:59 mega systemd[1]: ircd-hybrid.service changed start -> failed
Feb 13 08:44:59 mega systemd[1]: Job ircd-hybrid.service/start finished, result=failed
Feb 13 08:44:59 mega systemd[1]: Unit ircd-hybrid.service entered failed state.
Feb 13 08:44:59 mega systemd[1]: Got SIGCHLD for process 8685 (ircd-hybrid)
Feb 13 08:44:59 mega systemd[1]: Child 8685 died (code=exited, status=1/FAILURE)
Feb 13 08:44:59 mega systemd[1]: Received SIGCHLD from PID 8685 (n/a).


Here we see the watch for the pid file starting and stopping almost immediately and then an immediate failed state.

This to me suggests that something, somewhere, is eating up all the inotify watches and systemd is starved and cannot watch for the pid file and thus bails and the failure code is "resources".

I'll see if I can dig up more info. I'll also test here on x86_64
Comment 20 Colin Guthrie 2013-02-13 11:16:00 CET
Scratch my above analysis. I think I know the problem as I also see it as having failed with "resource".

In my case however ircd-hybrid is still running.

Actually I think this is due to how ircd delegates to its own user for starting. i.e. the process actually escapes the cgroup and instead has a user session started (thus getting its own cgroup). Thus systemd sees the process disappear and fails with "resources" (slightly confusing yes).

So I can confirm it's working fine for me on x86_64, (with pid and process) but it's certainly sub-optimal as systemd thinks it's failed!

I strongly suspect that this would also be the case on i586. Can you confirm?

$ ps ax -O cgroup| grep ircd
 6860 name=systemd:/user/ircd-hybrid/c70041 S ?      00:00:00 /usr/sbin/ircd-hybrid

Here the cgroup is shown as "systemd:/user/ircd-hybrid/..." which is not a service cgroup, but a user one. This shows that the way the ircd sysvinit script drops user privs is not ideal.

Regardless, I doubt very much this is any different to the ircd shipped with mga2 so I would personally suggest we should validate this update.


I will ensure the startup system is rewritten for cauldron/mga3 to avoid this confusing behaviour.

I suspect the reason for yours exiting to be some kind of configuration error that just causes it to die without writing much to its log. Perhaps try su'ing to the ircd-hybrid user (you'll have to pass -s) and running the daemon manually to see if you can work out why it exits for your own peace of mind (and mine!) that my explanation is correct!
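
The cgroup check from the comment above, turned into a reusable script that lists daemon processes running outside their unit's cgroup, which are the processes the advisory note later in this bug says must be killed by hand after upgrading. This is an added example, not part of the original bug report or the Mageia package; the function names are hypothetical, and the sample input is constructed apart from the PID 6860 line, which is the `ps ax -O cgroup` line shown above.

```shell
#!/bin/sh
# Added example (not from the bug report): list daemon processes that are
# running outside their unit's cgroup, i.e. processes systemd has "lost"
# and therefore cannot stop or restart when the package is upgraded.

# find_escaped SERVICE
# Reads `ps ax -O cgroup` output on stdin (PID CGROUP S TTY TIME COMMAND)
# and prints "PID CGROUP" for every process whose executable basename is
# SERVICE but whose cgroup path does not contain "/SERVICE.service"
# (the path shape shown on this page is /system/ircd-hybrid.service).
find_escaped() {
    awk -v svc="$1" '
        {
            n = split($6, path, "/")        # basename of argv[0]
            if (n == 0 || path[n] != svc) next
            if (index($2, "/" svc ".service") == 0)
                print $1, $2
        }'
}

# has_escaped SERVICE
# Exit status 0 if stdin contains at least one escaped process.
has_escaped() {
    [ -n "$(find_escaped "$1")" ]
}

# Constructed sample input. Only the 6860 line is taken from the page;
# the header, the 7001 line (daemon inside its service cgroup) and the
# grep line are made up for the demonstration.
sample_ps() {
    cat <<'EOF'
  PID CGROUP                                S TTY      TIME COMMAND
 6860 name=systemd:/user/ircd-hybrid/c70041 S ?      00:00:00 /usr/sbin/ircd-hybrid
 7001 name=systemd:/system/ircd-hybrid.service S ?   00:00:00 /usr/sbin/ircd-hybrid
 7050 name=systemd:/user/colin/c2 S+ pts/2  00:00:00 grep ircd
EOF
}

# Demo on the sample data. On a live host:
#   ps ax -O cgroup | find_escaped ircd-hybrid
sample_ps | find_escaped ircd-hybrid
```

Any PID it prints is still running the pre-update binary until it is killed and the service is started again.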
Comment 21 claire robinson 2013-02-13 13:23:19 CET
# su -s /bin/bash ircd-hybrid

[ircd-hybrid@mega ~]$ ircd-hybrid -foreground -configfile /etc/ircd-hybrid/ircd.conf 

ircd: version hybrid-7.2.3
ircd: pid 25019
ircd: running in foreground mode from /usr
--(end of buffer or a NUL)
--accepting rule at line 77 ("# Hybrid 7 minimal example configuration file")
--(end of buffer or a NUL)
--accepting rule at line 74 ("
#")
--accepting rule at line 77 ("#")
--(end of buffer or a NUL)
--accepting rule at line 74 ("
# $Id: simple.conf 33 2005-10-02 20:50:00Z knight $")
--accepting rule at line 77 ("# $Id: simple.conf 33 2005-10-02 20:50:00Z knight $")
--(end of buffer or a NUL)

..etc

--accepting rule at line 77 ("#};")
--(end of buffer or a NUL)
--accepting rule at line 74 ("
")
--(end of buffer or a NUL)
--EOF (start condition 0)

$ ps aux | grep hybrid
root     23700  0.0  0.0  60032  1852 pts/1    S    11:45   0:00 su -s /bin/bash ircd-hybrid
458      25525  0.0  0.0   9680   876 pts/1    S+   11:57   0:00 grep hybrid


I changed the log level to debug in ircd.conf and tried it again but it doesn't show any extra details. It does show this though..

[2013/2/13 12.01] "/etc/ircd-hybrid/ircd.conf", line 149: syntax error:  fname_userlog="/var/log/ircd-hybrid/user.log";
[2013/2/13 12.01] binding listener socket [0::/6667]:Address already in use
[2013/2/13 12.01] Unable to read configuration file '/etc/ircd-hybrid/kline.conf': No such file or directory
[2013/2/13 12.01] Unable to read configuration file '/etc/ircd-hybrid/rkline.conf': No such file or directory
[2013/2/13 12.01] Unable to read configuration file '/etc/ircd-hybrid/dline.conf': No such file or directory
[2013/2/13 12.01] Unable to read configuration file '/etc/ircd-hybrid/xline.conf': No such file or directory
[2013/2/13 12.01] Unable to read configuration file '/etc/ircd-hybrid/rxline.conf': No such file or directory
[2013/2/13 12.01] Unable to read configuration file '/etc/ircd-hybrid/nresv.conf': No such file or directory
[2013/2/13 12.01] Unable to read configuration file '/etc/ircd-hybrid/cresv.conf': No such file or directory
[2013/2/13 12.01] Could not load core modules. Terminating!

# netstat -ant | grep 666

Shows nothing though.

i586 worked without any modification.

The only mention of kline in ircd.conf is the permission in the operator stanza, with unkline. If this were a config problem you'd think it would affect i586 and x86_64 equally.
Comment 22 claire robinson 2013-02-13 13:24:30 CET
On i586

# service ircd-hybrid start
Starting ircd-hybrid (via systemctl):                           [  OK  ]
# ps ax -O cgroup | grep ircd
 6818 name=systemd:/user/ircd-hybrid/c1   S ?        00:00:00 /usr/sbin/ircd-hybrid
Comment 23 claire robinson 2013-02-13 13:26:40 CET
x86_64 only shows lirc and itself as the service doesn't start.
Comment 24 Colin Guthrie 2013-02-13 13:43:54 CET
I reckon it's something to do with IPv6.

Perhaps it bails because it cannot bind on the IPv6 address. Already in use could mean that it's somehow conflicting with itself when binding like this.

I'm not an IPv6 expert yet, but I did read this yesterday:

They share address space; IPv4 is blended into IPv6 at 
::ffff:0000:0000/96, and so something listening on [::] also listens on 
0.0.0.0 by default.

So perhaps this error:
[2013/2/13 12.01] binding listener socket [0::/6667]:Address already in use

Is somehow because it's conflicting with itself? I'm really not sure, but considering you cannot get the original working there and I have been running it happily for some time, I can only presume it's some kind of setup error on that machine in some capacity.

That said, I'm still running on the older (original) kernel for now, so I'll see (when I get around to rebooting and installing the 3.4 kernel).

Either way, you may want to consider my successful tests sufficient for validation here while you narrow down exactly what's wrong?
Comment 25 claire robinson 2013-02-13 14:19:38 CET
I'll create a new bug for it, Colin, sure.

Given it is failing completely on an updated machine I'd rather somebody else checks x86_64 too, if it's ok.

I literally only installed and tried to start it on both machines, one starts and I can connect to it but the other doesn't. It could be some obscure network issue so if it works for somebody else x86_64 I'm happy to validate it.
Comment 26 Carolyn Rowse 2013-02-13 17:34:15 CET
I couldn't get it to start on x86_64 either.

From LXTerminal:

[root@localhost carolyn]# service ircd-hybrid start
Starting ircd-hybrid (via systemctl):  Job failed. See system journal and 'systemctl status' for details.
                                                                [FAILED]
[root@localhost carolyn]# systemctl status ircd-hybrid.service
ircd-hybrid.service - LSB: Internet Relay Chat Server
	  Loaded: loaded (/etc/rc.d/init.d/ircd-hybrid)
	  Active: failed (Result: resources) since Wed, 13 Feb 2013 16:21:41 +0000; 8min ago
	 Process: 3090 ExecStart=/etc/rc.d/init.d/ircd-hybrid start (code=exited, status=0/SUCCESS)
	  CGroup: name=systemd:/system/ircd-hybrid.service


and from /var/log/syslog:

Feb 13 16:21:41 localhost systemd[1]: PID file /var/run/ircd-hybrid/ircd-hybrid.pid not readable (yet?) after start.
Feb 13 16:21:41 localhost systemd[1]: Unit ircd-hybrid.service entered failed state.
Feb 13 16:26:31 localhost sensord: Chip: acpitz-virtual-0
Feb 13 16:26:31 localhost sensord: Adapter: Virtual device
Feb 13 16:26:31 localhost sensord:   temp1: 39.0 C
Feb 13 16:26:31 localhost sensord: Chip: coretemp-isa-0000
Feb 13 16:26:31 localhost sensord: Adapter: ISA adapter
Feb 13 16:26:31 localhost sensord:   Physical id 0: 39.0 C
Feb 13 16:26:31 localhost sensord:   Core 0: 39.0 C
Feb 13 16:26:31 localhost sensord:   Core 1: 39.0 C
Feb 13 16:28:38 localhost pcscd[3356]: 00000000 utils.c:53:GetDaemonPid() Can't open /var/run/pcscd.pid: No such file or directory


Carolyn
Comment 27 claire robinson 2013-02-13 19:38:00 CET
Colin this does seem to be x86_64 rather than just my x86_64, but it isn't a regression with this update.

Do you want to look into it now or shall we create a new bug?
Comment 28 Colin Guthrie 2013-02-13 21:24:25 CET
I've reproduced it here...

I also remember the problem (so my bad for not fixing it sooner!)

A quick strace showed that it's looking in /usr/lib/ircd-hybrid/modules for loadable modules.

chdir("/usr/lib/ircd-hybrid/modules")   = -1 ENOENT (No such file or directory)


I guess I just chucked in a symlink in my office machine and forgot about it :s

[colin@summit ~]$ ls /usr/lib/ircd-hybrid -l
lrwxrwxrwx 1 root root 20 Sep  7  2011 /usr/lib/ircd-hybrid -> ../lib64/ircd-hybrid/


I'll push a proper fix shortly.
Comment 29 Colin Guthrie 2013-02-13 22:15:58 CET
OK, I've fixed things up I think. Tested the fixes on cauldron and the mga2 stuff should be much the same (I've specifically tweaked the bits I know are different).

Fixes applied:
 * Module+Messages path under x86_64 is fixed.
 * Added systemd unit to prevent the startup failure report (even if it runs OK) under systemd.

All seems fine here, but I will test on both my 64 bit machines when done.

Thanks for being patient and sorry for not fixing the issue I found waaay back when - it was a busy time and I pretty much instantly forgot about it.

ircd-hybrid-7.2.3-10.2.mga2 on its way to a mirror near you soon.
Comment 30 Colin Guthrie 2013-02-13 23:35:10 CET
FWIW, tested on two x86_64 machines and both seem fine (with my hacky symlink removed!), but I'll let claire do the official confirmation.

Note that when you update an existing machine on i586, if ircd-hybrid process is running, you'll have to kill it manually as systemd has "lost" the process due to it escaping its cgroup. This isn't something we can easily work around without horrible hacks so I figure it's an edge case. Could be worth documenting in the advisory tho'.

"Please note that due to the previously suboptimal nature of the sysvinit script, systemd systems would not correctly detect the daemon process as running and thus could stop the service. As a result, you may have to manually kill the process and start the service after upgrading (i.e. killall ircd-hybrid; systemctl start ircd-hybrid.service)"
Comment 31 David Walser 2013-02-13 23:53:39 CET
"thus could stop the service"

shouldn't that be:

"thus could fail to stop the service"

?
Comment 32 Colin Guthrie 2013-02-13 23:55:50 CET
Oops, yeah I missed out "not": "and thus could NOT stop the service"... Feel free to reword it as you see fit tho' :)
Comment 33 David Walser 2013-02-13 23:57:57 CET
Advisory:
========================

Updated ircd-hybrid packages fix security vulnerability:

Bob Nomnomnom reported a Denial of Service vulnerability in IRCD-Hybrid, an
Internet Relay Chat server. A remote attacker may use an error in the masks
validation and crash the server (CVE-2013-0238).

Please note that due to the previously suboptimal nature of the sysvinit
script, systemd systems would not correctly detect the daemon process as
running and thus could not stop the service. As a result, you may have to
manually kill the process and start the service after upgrading (i.e.
killall ircd-hybrid; systemctl start ircd-hybrid.service).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0238
http://www.debian.org/security/2013/dsa-2618
========================

Updated packages in core/updates_testing:
========================
ircd-hybrid-7.2.3-10.2.mga2
ircd-hybrid-devel-7.2.3-10.2.mga2

from ircd-hybrid-7.2.3-10.2.mga2.src.rpm
Comment 34 claire robinson 2013-02-14 10:01:54 CET
Thanks Colin. Confirmed it starts now with systemctl, the service command now fails with 'env: /etc/init.d/ircd-hybrid: Permission denied'.


Other services usually say 'via systemctl'. eg:

# service httpd restart
Restarting httpd (via systemctl):                         [  OK  ]

This is a slight regression as the init script is no longer executable

-rw-r--r-- 1 root root  1614 Feb 13 21:13 ircd-hybrid


Is this intended Colin?


Confirmed that when started with 'systemctl start ircd-hybrid.service' I can then connect to the server.
Comment 35 Colin Guthrie 2013-02-14 10:07:13 CET
(In reply to comment #34)
> -rw-r--r-- 1 root root  1614 Feb 13 21:13 ircd-hybrid

Sigh. No, not intended.... fixing.
Comment 36 Colin Guthrie 2013-02-14 10:09:28 CET
OK, should be fixed in the next build... I missed the defattr() stuff in the spec (it's quite a messy spec IMO)
Comment 37 claire robinson 2013-02-14 10:22:11 CET
Could you also please check for any unintentional files which might have crept into /var/lib/ircd-hybrid/

Seemed to be a number of hidden files which had no place there.

Sorry :\
Comment 38 claire robinson 2013-02-14 10:23:52 CET
No, sorry, ignore that one. That's my eyes playing tricks on me.
Comment 39 claire robinson 2013-02-14 18:23:43 CET
Retested mga2 32 & 64

Validating, thanks Colin.



Advisory:
========================

Updated ircd-hybrid packages fix security vulnerability:

Bob Nomnomnom reported a Denial of Service vulnerability in IRCD-Hybrid, an
Internet Relay Chat server. A remote attacker may use an error in the masks
validation and crash the server (CVE-2013-0238).

Please note that due to the previously suboptimal nature of the sysvinit
script, systemd systems would not correctly detect the daemon process as
running and thus could not stop the service. As a result, you may have to
manually kill the process and start the service after upgrading (i.e.
killall ircd-hybrid; systemctl start ircd-hybrid.service).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0238
http://www.debian.org/security/2013/dsa-2618
========================

Could sysadmin please push ircd-hybrid-7.2.3-10.3.mga2.src.rpm from core/updates_testing to core/updates

Thanks
Comment 40 Thomas Backlund 2013-02-16 20:31:24 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0055
