Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:27655
HistoryFeb 13, 2012 - 12:00 a.m.

[ GLSA 201201-18 ] bip: Multiple vulnerabilities

2012-02-1300:00:00
vulners.com
18
JSON

Gentoo Linux Security Advisory GLSA 201201-18

                                        http://security.gentoo.org/

Severity: High
Title: bip: Multiple vulnerabilities
Date: January 30, 2012
Bugs: #336321, #400599
ID: 201201-18

Synopsis

Multiple vulnerabilities in bip might allow remote unauthenticated
attackers to cause a Denial of Service or possibly execute arbitrary
code.

Background

bip is a multi-user IRC proxy with SSL support.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-irc/bip < 0.8.8-r1 >= 0.8.8-r1

Description

Multiple vulnerabilities have been discovered in bip:

  • Uli Schlachter reported that bip does not properly handle invalid
    data during authentication, resulting in a daemon crash
    (CVE-2010-3071).
  • Julien Tinnes reported that bip does not check the number of open
    file descriptors against FD_SETSIZE, resulting in a stack buffer
    overflow (CVE-2012-0806).

Impact

A remote attacker could exploit these vulnerabilities to execute
arbitrary code with the privileges of the user running the bip daemon,
or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All bip users should upgrade to the latest version:

emerge --sync

emerge --ask --oneshot --verbose ">=net-irc/bip-0.8.8-r1"

NOTE: The CVE-2010-3071 flaw was already corrected in an earlier
version of bip and is included in this advisory for completeness.

References

[ 1 ] CVE-2010-3071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3071
[ 2 ] CVE-2012-0806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0806

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201201-18.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.

License

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Related

openvas 12
gentoo 1
nessus 7
securityvulns 1
prion 2
fedora 3
cve 2
ubuntucve 2
debiancve 2
debian 1
freebsd 1
openvas
openvas
Gentoo Security Advisory GLSA 201201-18 (bip)
2012-02-12 00:00:00
Gentoo Security Advisory GLSA 201201-18 (bip)
2012-02-12 00:00:00
Fedora Update for bip FEDORA-2010-15774
2011-01-14 00:00:00
gentoo
gentoo
bip: Multiple vulnerabilities
2012-01-30 00:00:00
nessus
nessus
GLSA-201201-18 : bip: Multiple vulnerabilities
2012-01-31 00:00:00
Debian DSA-2393-1 : bip - buffer overflow
2012-01-26 00:00:00
FreeBSD : bip -- buffer overflow (1c4cab30-5468-11e1-9fb7-003067b2972c)
2012-02-13 00:00:00
securityvulns
securityvulns
bip security vulnerabilities
2012-02-13 00:00:00
prion
prion
Null pointer dereference
2010-10-14 05:57:00
Buffer overflow
2012-01-27 00:55:00
fedora
fedora
[SECURITY] Fedora 13 Update: bip-0.8.6-1.fc13
2011-01-12 05:22:21
[SECURITY] Fedora 15 Update: bip-0.8.8-2.fc15
2012-02-04 05:27:58
[SECURITY] Fedora 16 Update: bip-0.8.8-2.fc16
2012-02-04 05:23:47
cve
cve
CVE-2010-3071
2010-10-14 05:57:00
CVE-2012-0806
2012-01-27 00:55:00
ubuntucve
ubuntucve
CVE-2010-3071
2010-10-14 00:00:00
CVE-2012-0806
2012-01-27 00:00:00
debiancve
debiancve
CVE-2010-3071
2010-10-14 05:57:00
CVE-2012-0806
2012-01-27 00:55:00
debian
debian
[SECURITY] [DSA-2393-1] bip security update
2012-01-25 15:56:21
freebsd
freebsd
bip -- buffer overflow
2012-01-07 00:00:00
JSON
Related for SECURITYVULNS:DOC:27655
openvas12gentoo1nessus7securityvulns1prion2fedora3cve2ubuntucve2debiancve2debian1freebsd1