InspIRCd heap corruption vulnerability

2012-03-19T00:00:00
ID VU:212651
Type cert
Reporter CERT
Modified 2012-04-09T20:08:00

Description

Overview

InspIRCd 2.0.5 and possibly other versions contain a heap corruption vulnerability that may be exploited with a specifically crafted DNS query.

Description

InspIRCd contains a heap corruption vulnerability that exists in the dns.cpp code. The res[] buffer is allocated on the heap and can be overflowed. The res[] buffer can be exploited during its deallocation. The number of overflowed bytes can be controlled with DNS compression features.


Impact

A remote unauthenticated attacker may be able to execute arbitrary code with the permissions of the user running the InspIRCd service.


Solution

Apply an Update

InspIRCd 1.2.9 RC1, 2.0.6 RC1, and 2.1.0 B3 have addressed this vulnerability.


Configuration Change

The issue may be mitigated in some scenarios by changing your configuration file so <performance:nouserdns> is set to yes.


Vendor Information

212651

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

InspIRCd Affected

Notified: February 06, 2012 Updated: March 19, 2012

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SUSE Linux Not Affected

Notified: February 07, 2012 Updated: February 13, 2012

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Debian GNU/Linux Unknown

Notified: February 07, 2012 Updated: February 07, 2012

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Gentoo Linux Unknown

Notified: February 07, 2012 Updated: February 07, 2012

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Mandriva S. A. Unknown

Notified: February 07, 2012 Updated: February 07, 2012

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Red Hat, Inc. Unknown

Notified: February 07, 2012 Updated: February 07, 2012

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Slackware Linux Inc. Unknown

Notified: February 07, 2012 Updated: February 07, 2012

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubuntu Unknown

Notified: February 07, 2012 Updated: February 07, 2012

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P
Temporal | 5.3 | E:POC/RL:OF/RC:C
Environmental | 5.3 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

  • <https://github.com/inspircd/inspircd>
  • <https://github.com/inspircd/inspircd/zipball/insp20>
  • <https://github.com/inspircd/inspircd/commit/fe7dbd2c104c37f6f3af7d9f1646a3c332aea4a4>
  • <http://www.irc-wiki.org/InspIRCd>

Acknowledgements

Thanks to Tomasz Salacinski of CERT Polska for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: | None
---|---
Severity Metric: | 1.06
Date Public: | 2012-03-19
Date First Published: | 2012-03-19
Date Last Updated: | 2012-04-09 20:08 UTC
Document Revision: | 26