Vulnerability Note VU#212651

InspIRCd heap corruption vulnerability

Original Release date: 19 Mar 2012 | Last revised: 09 Apr 2012

Overview

InspIRCd 2.0.5 and possibly other versions contain a heap corruption vulnerability that may be exploited with a specifically crafted DNS query.

Description

InspIRCd contains a heap corruption vulnerability that exists in the dns.cpp code. The res[] buffer is allocated on the heap and can be overflowed. The res[] buffer can be exploited during its deallocation. The number of overflowed bytes can be controlled with DNS compression features.

Impact

A remote unauthenticated attacker may be able to execute arbitrary code with the permissions of the user running the InspIRCd service.

Solution

Apply an Update

InspIRCd 1.2.9 RC1, 2.0.6 RC1, and 2.1.0 B3 have addressed this vulnerability.

Configuration Change

The issue may be mitigated in some scenarios by changing your configuration file so <performance:nouserdns> is set to yes.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
InspIRCdAffected06 Feb 201219 Mar 2012
SUSE LinuxNot Affected07 Feb 201213 Feb 2012
Debian GNU/LinuxUnknown07 Feb 201207 Feb 2012
Gentoo LinuxUnknown07 Feb 201207 Feb 2012
Mandriva S. A.Unknown07 Feb 201207 Feb 2012
Red Hat, Inc.Unknown07 Feb 201207 Feb 2012
Slackware Linux Inc.Unknown07 Feb 201207 Feb 2012
UbuntuUnknown07 Feb 201207 Feb 2012
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P
Temporal 5.3 E:POC/RL:OF/RC:C
Environmental 5.3 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Tomasz Salacinski of CERT Polska for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs: Unknown
  • Date Public: 19 Mar 2012
  • Date First Published: 19 Mar 2012
  • Date Last Updated: 09 Apr 2012
  • Severity Metric: 1.06
  • Document Revision: 25

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.