Package: bip
Version: 0.8.2-1
Severity: grave
Tags: security
Unauthenticated users can easily cause a NULL pointer dereference in bip (bip is
listening at localhost:7778):
$ echo USER | telnet localhost 7778
<other window>
==25787== Process terminating with default action of signal 11 (SIGSEGV)
==25787== Access not within mapped region at address 0x0
==25787== at 0x11BE5C: bip_on_event (irc.c:2483)
==25787== by 0x11BF4A: irc_main (irc.c:2554)
==25787== by 0x113A97: main (bip.c:1316)
The NULL pointer dereference happens in this code:
if (r == ERR_PROTOCOL) {
mylog(LOG_ERROR, "[%s] Error in protocol, closing...",
LINK(lc)->name);
goto prot_err_lines;
}
AFAIK this has been reported upstream. However, I haven't talked directly with
any bip developer about this so far.
Cheers,
Uli
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'testing-proposed-updates'), (50,
'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages bip depends on:
ii adduser 3.112 add and remove users and groups
ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib
ii libssl0.9.8 0.9.8o-2 SSL shared libraries
ii lsb-base 3.2-23.1 Linux Standard Base 3.2 init scrip
bip recommends no packages.
bip suggests no packages.
-- Configuration Files:
/etc/bip.conf [Errno 13] Keine Berechtigung: u'/etc/bip.conf'
-- no debconf information
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
