Alerts This Week
Warning Icon 1 700
Alerts This Week
Warning Icon 1 700

Gentoo: GLSA-201201-18 High Threat: Bip Remote DoS Advisory

gentoo
Calendar Grey January 30, 2012
Dist Gentoo Esm H88
Gentoo advisory GLSA 202310-45 details xkz vulnerabilities allowing remote intruders to compromise systems or execute arbitrary commands.
Multiple vulnerabilities in bip might allow remote unauthenticated attackers to cause a Denial of Service or possibly execute arbitrary code

Summary

Multiple vulnerabilities have been discovered in bip: * Uli Schlachter reported that bip does not properly handle invalid data during authentication, resulting in a daemon crash (CVE-2010-3071). * Julien Tinnes reported that bip does not check the number of open file descriptors against FD_SETSIZE, resulting in a stack buffer overflow (CVE-2012-0806).

Topics%20covered

Topics Covered

security advisory high severity gentoo remote access DoS multiple threats bip

Resolution

All bip users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-irc/bip-0.8.8-r1"
NOTE: The CVE-2010-3071 flaw was already corrected in an earlier version of bip and is included in this advisory for completeness.

References

[ 1 ] CVE-2010-3071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3071 [ 2 ] CVE-2012-0806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0806

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201201-18
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: High
Title: bip: Multiple vulnerabilities
Date: January 30, 2012
Bugs: #336321, #400599
ID: 201201-18

Topics%20covered

Topics Covered

security advisory high severity gentoo remote access DoS multiple threats bip

Synopsis

Multiple vulnerabilities in bip might allow remote unauthenticated attackers to cause a Denial of Service or possibly execute arbitrary code.

Background

bip is a multi-user IRC proxy with SSL support.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-irc/bip < 0.8.8-r1 >= 0.8.8-r1

Impact

===== A remote attacker could exploit these vulnerabilities to execute arbitrary code with the privileges of the user running the bip daemon, or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Related News

Your message here