Vulnerability Note VU#212651
InspIRCd heap corruption vulnerability
Overview
InspIRCd 2.0.5 and possibly other versions contain a heap corruption vulnerability that may be exploited with a specifically crafted DNS query.
Description
InspIRCd contains a heap corruption vulnerability that exists in the dns.cpp code. The res[] buffer is allocated on the heap and can be overflowed. The res[] buffer can be exploited during its deallocation. The number of overflowed bytes can be controlled with DNS compression features. |
Impact
A remote unauthenticated attacker may be able to execute arbitrary code with the permissions of the user running the InspIRCd service. |
Solution
Apply an Update InspIRCd 1.2.9 RC1, 2.0.6 RC1, and 2.1.0 B3 have addressed this vulnerability. |
Configuration Change The issue may be mitigated in some scenarios by changing your configuration file so <performance:nouserdns> is set to yes. |
Vendor Information (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| InspIRCd | Affected | 06 Feb 2012 | 19 Mar 2012 |
| SUSE Linux | Not Affected | 07 Feb 2012 | 13 Feb 2012 |
| Debian GNU/Linux | Unknown | 07 Feb 2012 | 07 Feb 2012 |
| Gentoo Linux | Unknown | 07 Feb 2012 | 07 Feb 2012 |
| Mandriva S. A. | Unknown | 07 Feb 2012 | 07 Feb 2012 |
| Red Hat, Inc. | Unknown | 07 Feb 2012 | 07 Feb 2012 |
| Slackware Linux Inc. | Unknown | 07 Feb 2012 | 07 Feb 2012 |
| Ubuntu | Unknown | 07 Feb 2012 | 07 Feb 2012 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Temporal | 5.3 | E:POC/RL:OF/RC:C |
| Environmental | 5.3 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
- https://github.com/inspircd/inspircd
- https://github.com/inspircd/inspircd/zipball/insp20
- https://github.com/inspircd/inspircd/commit/fe7dbd2c104c37f6f3af7d9f1646a3c332aea4a4
- http://www.irc-wiki.org/InspIRCd
Credit
Thanks to Tomasz Salacinski of CERT Polska for reporting this vulnerability.
This document was written by Jared Allar.
Other Information
- CVE IDs: Unknown
- Date Public: 19 Mar 2012
- Date First Published: 19 Mar 2012
- Date Last Updated: 09 Apr 2012
- Severity Metric: 1.06
- Document Revision: 25
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.