~ubuntu-branches/ubuntu/gutsy/ircii-pana/gutsy-updates

Viewing changes to debian/patches/remote_exec_fix.patch

Committer: Bazaar Package Importer
Author(s): Kees Cook
Date: 2009-01-17 08:29:45 UTC
Revision ID: james.westby@ubuntu.com-20090117082945-uszs5d79yeiabxtb

Tags: 1:1.1-4ubuntu4.1

* SECURITY UPDATE: fully solve remote IRC command execution.
- Updated debian/patches/remote_exec_fix.patch: corrected the
check, thanks to Kurt Roeckx (CVE-2007-3360).

files modified:
debian/changelog

debian/patches/remote_exec_fix.patch

Show diffs side-by-side

added added

removed removed

debian/patches/remote_exec_fix.patch

Ubuntu: https://bugs.edge.launchpad.net/bugs/129771

Upstream: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432120

Description: remote IRC servers were able to execute arbitrary commands

by sending a client certain data containing NICK and EXEC strings,

which exceeds the bounds of a hash table, and injects an EXEC hook

function that receives and executes shell commands. (CVE-2007-3360)

Index: ircii-pana-1.1/source/hook.c

===================================================================

--- ircii-pana-1.1.orig/source/hook.c 2007-10-02 10:45:26.545140712 +0200

+++ ircii-pana-1.1/source/hook.c 2007-10-02 11:38:11.725514106 +0200

--- ircii-pana-1.1.orig/source/hook.c 2003-04-10 18:09:07.000000000 -0700

+++ ircii-pana-1.1/source/hook.c 2009-01-17 08:29:17.000000000 -0800

@@ -841,6 +841,10 @@

* Figure out where the hooks are for the event type were asserting

/* Numeric list */

+ if(which > sizeof(hook_functions) - 1)

+ if(which > sizeof(hook_functions)/sizeof(*hook_functions) - 1)

+ return NO_ACTION_TAKEN;

if (which < 0)

Older »