[PKG-IRC-Maintainers] Bug#836706: certificate spoofing via crafted SASL messages

Guillaume Delacour gui at iroqwa.org
Tue Sep 6 21:30:09 UTC 2016


Please see attached the debdiff.
Also, please note that I can't upload myself to security-master as I'm
not a DD nor DM.

On 06/09/2016 at 00:02, Guillaume Delacour wrote:
> 
> 
> On 05/09/2016 at 22:41, James Lu wrote:
>> Hi,
> 
> Hi,
> 
>>
>> Just to narrow things down a bit, the relevant fix for InspIRCd 2.0 is
>> this commit
>> https://github.com/inspircd/inspircd/commit/74fafb7f11b06747f69f182ad5e3769b665eea7a
> 
> Yes, I've talked to upstream a few hours ago to include this particular
> fix to 2.0.17; upload of 2.0.23 will follow to unstable.
> 
>>
>> Best,
>> James
>>
> 

-- 
Guillaume Delacour


-------------- next part --------------
diff -Nru inspircd-2.0.17/debian/changelog inspircd-2.0.17/debian/changelog
--- inspircd-2.0.17/debian/changelog	2016-03-22 19:31:22.000000000 +0100
+++ inspircd-2.0.17/debian/changelog	2016-09-06 21:29:13.000000000 +0200
@@ -1,3 +1,10 @@
+inspircd (2.0.17-1+deb8u2) jessie-security; urgency=high
+
+  * m_sasl: don't allow AUTHENTICATE with mechanisms with a space
+    (CVE-2016-7142)
+
+ -- Guillaume Delacour <gui at iroqwa.org>  Tue, 06 Sep 2016 01:58:19 +0200
+
 inspircd (2.0.17-1+deb8u1) jessie-security; urgency=high
 
   * Non-maintainer upload by the Wheezy LTS Team. 
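Review bot: The new 2.0.17-1+deb8u2 entry names CVE-2016-7142 but carries no reference to the bug this thread is filed under. Adding "(Closes: #836706)" to the m_sasl item would tie the upload to the report and record the fixed version against it. The trailer date (Tue, 06 Sep 2016 01:58:19 +0200) also predates the file timestamp in the diff header by most of a day; refreshing it before upload keeps the entry consistent with the final debdiff.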
diff -Nru inspircd-2.0.17/debian/patches/CVE-2016-7142.patch inspircd-2.0.17/debian/patches/CVE-2016-7142.patch
--- inspircd-2.0.17/debian/patches/CVE-2016-7142.patch	1970-01-01 01:00:00.000000000 +0100
+++ inspircd-2.0.17/debian/patches/CVE-2016-7142.patch	2016-09-06 21:29:13.000000000 +0200
@@ -0,0 +1,31 @@
+From 74fafb7f11b06747f69f182ad5e3769b665eea7a Mon Sep 17 00:00:00 2001
+From: Adam <Adam at anope.org>
+Date: Fri, 2 Sep 2016 22:57:03 -0400
+Subject: [PATCH] m_sasl: don't allow AUTHENTICATE with mechanisms with a space
+
+---
+ src/modules/m_sasl.cpp | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp
+index 9cb5592..16a1535 100644
+--- a/src/modules/m_sasl.cpp
++++ b/src/modules/m_sasl.cpp
+@@ -189,6 +189,7 @@ class CommandAuthenticate : public Command
+ 		: Command(Creator, "AUTHENTICATE", 1), authExt(ext), cap(Cap)
+ 	{
+ 		works_before_reg = true;
++		allow_empty_last_param = false;
+ 	}
+ 
+ 	CmdResult Handle (const std::vector<std::string>& parameters, User *user)
+@@ -199,6 +200,9 @@ class CommandAuthenticate : public Command
+ 			if (!cap.ext.get(user))
+ 				return CMD_FAILURE;
+ 
++			if (parameters[0].find(' ') != std::string::npos || parameters[0][0] == ':')
++				return CMD_FAILURE;
++
+ 			SaslAuthenticator *sasl = authExt.get(user);
+ 			if (!sasl)
+ 				authExt.set(user, new SaslAuthenticator(user, parameters[0]));
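Review bot: The parameters[0][0] == ':' test added at the top of Handle() reads the first character without an emptiness check, so it depends on the allow_empty_last_param = false line added in the constructor to keep an empty parameter from reaching it. Nothing in the patch says the two additions belong together. A one-line comment above the check, stating that a mechanism containing a space or starting with ':' is rejected for CVE-2016-7142 and that the constructor flag is part of the same fix, would keep a later cleanup from removing one without the other. The check is also placed before authExt.get(user), so it applies to every AUTHENTICATE parameter and not only to the one handed to new SaslAuthenticator(user, parameters[0]); if that is intended, the comment should say so. For the Debian side, a Bug-Debian header pointing at #836706 in the patch file would make its origin traceable from debian/patches alone.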
diff -Nru inspircd-2.0.17/debian/patches/series inspircd-2.0.17/debian/patches/series
--- inspircd-2.0.17/debian/patches/series	2016-03-22 19:29:23.000000000 +0100
+++ inspircd-2.0.17/debian/patches/series	2016-09-06 22:55:05.000000000 +0200
@@ -2,3 +2,4 @@
 01_dpkg-buildflags_support.diff
 03_gnutls_crypt_api_instead_gcrypt.diff
 CVE-2015-8702.patch
+CVE-2016-7142.patch