IRC-Junkie.org – IRC News

All about Internet Relay Chat

InspIRCd 2.0.5 Vulnerability [Updated]

There has been a vulnerability reported in InspIRCd 2.0.5 and possibly other versions of the IRC daemon.

The problem lies in the buffer handling of dns.cpp, can be triggered by remote users and might result in arbitrary code execution according to the advisory.

 

There currently is a workaround in the form of a config setting, namely to set

<performance:nouserdns>

to yes.

 

There also have been pull requests on GitHub by Atheme developer nenolod which fix the underlying code, although those – as of now – haven’t been pulled in yet.

 

The fixes above have been pulled in and the official sources have been moved from Gitorious to GitHub.

 

Due to the serious nature of the vulnerability, watch the development of this closely and even though there currently are no reports of this vulnerability being exploited in the wild.

 

The advisory can be found here and one of the temporary InspIRCd websites (which is currently still down after a break-in into ChatSpike/InspIRCd servers) can be found here.

 

We’ll keep this entry updated on any new developments regarding this issue.

Copyright secured by Digiprove
Category: Hack, IRC, IRCd, Software
  • Trixar_za says:

    That’s the first time I’ve seen the IRC Wiki being used as a reference on an official site ( http://www.kb.cert.org/vuls/id/212651 ). I guess it’s slowly becoming notable ^^

    March 21, 2012 at 3:15 pm
    • phrozen77 says:

      Also, the main website is still offline so it is one of the few resources that still has some info on it…

      March 21, 2012 at 7:30 pm
  • William Pitcock says:

    It has been integrated into their GIT now.

    March 21, 2012 at 4:51 pm
  • Bram Matthys (Syzop) says:

    How can your main site (inspircd) be down for such a long time? It’s over a week now? It’s not even listed in google anymore.

    Also, a security vulnerability, sure.. bad.. but it happens. Having your site down for such a long time though, when you know you have to release a fix, that’s just bad.. really bad.
    And this can’t be a surprise for them, CERT data shows that the issue is known about since at least February 6 (http://www.kb.cert.org/vuls/id/212651, see Date Notified).
    Which brings me on another issue, waiting 6 weeks before releasing a fix to the public (oh, scratch that, there isn’t a new release..) is not a good idea either.
    Again, all software will experience security issues, but where you can make a difference is how to deal with it when you become aware of it.

    By the way, irc-wiki.org is no longer functional. This might have something to do with it:
    Expiration Date:21-Mar-2012 03:30:21 UTC

    What is it with everyone and their site!? ;)

    March 21, 2012 at 9:16 pm
  • Trixar_za says:

    *sigh* Always something…

    The domain should (hopefully) be back by early tomorrow, depending on when Timmy comes on to IRC.

    I should see if we can start renewing the domain for free considering it’s a free service and we don’t fund ourselves with ads or donations.

    March 22, 2012 at 12:00 am
  • William Pitcock says:

    For the record, will not protect networks fully. A/AAAA lookups can also be exploited in the same way.

    March 25, 2012 at 5:40 am
    • William Pitcock says:

      Erm: performance:nouserdns.

      March 25, 2012 at 5:41 am

Your email address will not be published. Required fields are marked *

*