[oss-security] CVE Request - ZNC

From: Kurt Seifried <kurt_at_nospam>
Date: Mon Aug 09 2010 - 23:36:27 GMT
To: oss-security@lists.openwall.com

Vincent Danen 2010-08-09 17:44:43 EDT

An out-of-range flaw was found in znc where if it received a "PING" from a
client without an argument, std::string would throw a std::out_of_range
exception which killed znc. This is fixed in subversion [1].

Some unsafe substr() calls were fixed as well. These are of lesser impact
because a valid login is required in order to cause a std::out_of_range
exception. This is also fixed in subversion [2].

[1] http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093
[2] http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2095

http://en.znc.in/wiki/ZNC
https://bugzilla.redhat.com/show_bug.cgi?id=622601
https://bugzilla.redhat.com/show_bug.cgi?id=622600

-- Kurt Seifried kurt@seifried.org tel: 1-703-879-3176

This message: [ Message body ]
Next message: Kurt Seifried: "[oss-security] Re: CVE Request - ZNC"
Previous message: Robert ÅšwiÄ™cki: "Re: [oss-security] CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts + three more"
Next in thread: Kurt Seifried: "[oss-security] Re: CVE Request - ZNC"
Reply: Kurt Seifried: "[oss-security] Re: CVE Request - ZNC"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]