ArchLinux: 201907-1: irssi: arbitrary code execution

    Date: 09 Jul 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package irssi before version 1.2.1-1 is vulnerable to arbitrary code execution.
    Arch Linux Security Advisory ASA-201907-1
    =========================================
    
    Severity: High
    Date    : 2019-07-01
    CVE-ID  : CVE-2019-13045
    Package : irssi
    Type    : arbitrary code execution
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-999
    
    Summary
    =======
    
    The package irssi before version 1.2.1-1 is vulnerable to arbitrary
    code execution.
    
    Resolution
    ==========
    
    Upgrade to 1.2.1-1.
    
    # pacman -Syu "irssi>=1.2.1-1"
    
    The problem has been fixed upstream in version 1.2.1.
    
    Workaround
    ==========
    
    Disable SASL authentication.
    
    Description
    ===========
    
    Irssi 1.0.x before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1,
    when SASL is enabled, has a use after free when sending SASL login to
    the server.
    
    Impact
    ======
    
    A remote attacker in position of man-in-the-middle or controlling the
    IRC server might be able to crash or execute arbitrary code on an
    affected host.
    
    References
    ==========
    
    https://irssi.org/security/irssi_sa_2019_06.txt
    https://www.openwall.com/lists/oss-security/2019/06/29/1
    https://github.com/irssi/irssi/commit/d23b0d22cc611e43c88d99192a59f413f951a955
    https://security.archlinux.org/CVE-2019-13045
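
A local check for the two conditions the advisory names: a version inside the ranges listed in the Description, and SASL being enabled (the setting the Workaround turns off). This is an added example, not part of the Arch advisory or of irssi; the function names are hypothetical, the sample config is constructed, and `sasl_mechanism` is the irssi config key assumed to mark a SASL-enabled network.

```sh
#!/bin/sh
# Added example: function names and sample data are illustrative only.

# irssi_affected VERSION: succeeds if VERSION falls in a range listed in the
# Description: 1.0.x before 1.0.8, 1.1.x before 1.1.3, 1.2.x before 1.2.1.
# Accepts upstream ("1.2.0") or Arch pkgver-pkgrel ("1.2.0-2") strings.
irssi_affected() {
    ver=${1%%-*}                                    # drop the pkgrel suffix
    old_ifs=$IFS; IFS=.; set -- $ver; IFS=$old_ifs  # split on dots
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    patch=${patch%%[!0-9]*}; patch=${patch:-0}      # "0rc1" -> 0
    [ "$major" = 1 ] || return 1
    case $minor in
        0) [ "$patch" -lt 8 ] ;;
        1) [ "$patch" -lt 3 ] ;;
        2) [ "$patch" -lt 1 ] ;;
        *) return 1 ;;                              # branch not listed
    esac
}

# sasl_chatnets: reads an irssi config on stdin and prints "block: mechanism"
# for every block that sets sasl_mechanism (candidates for the Workaround).
sasl_chatnets() {
    awk '
        /^[ \t]*#/ { next }                                    # comment line
        /^[ \t]*[A-Za-z0-9_-]+[ \t]*=[ \t]*[{]/ { block = $1 } # block opener
        /sasl_mechanism[ \t]*=/ && match($0, /"[^"]+"/) {
            print block ": " substr($0, RSTART + 1, RLENGTH - 2)
        }'
}

# Constructed sample config, not taken from a real host.
sample_config() {
    cat <<'EOF'
chatnets = {
  ExampleNet = {
    type = "IRC";
    sasl_mechanism = "PLAIN";
    sasl_username = "alice";
  };
  OtherNet = { type = "IRC"; };
};
EOF
}

for v in 1.0.7 1.2.0-2 1.2.1-1; do
    if irssi_affected "$v"; then echo "$v: affected"
    else echo "$v: not in a listed range"; fi
done
echo "SASL enabled for:"; sample_config | sasl_chatnets
```

On an Arch host, pass the installed version (the second field of `pacman -Q irssi`) to `irssi_affected` and pipe the user's `~/.irssi/config` into `sasl_chatnets`.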
    