bip: Multiple vulnerabilities — GLSA 201201-18

Multiple vulnerabilities in bip might allow remote unauthenticated attackers to cause a Denial of Service or possibly execute arbitrary code.

Affected Packages

net-irc/bip on all architectures
Affected versions < 0.8.8-r1
Unaffected versions >= 0.8.8-r1

Background

bip is a multi-user IRC proxy with SSL support.

Description

Multiple vulnerabilities have been discovered in bip:

  • Uli Schlachter reported that bip does not properly handle invalid data during authentication, resulting in a daemon crash (CVE-2010-3071).
  • Julien Tinnes reported that bip does not check the number of open file descriptors against FD_SETSIZE, resulting in a stack buffer overflow (CVE-2012-0806).

Impact

A remote attacker could exploit these vulnerabilities to execute arbitrary code with the privileges of the user running the bip daemon, or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All bip users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-irc/bip-0.8.8-r1"
 

NOTE: The CVE-2010-3071 flaw was already corrected in an earlier version of bip and is included in this advisory for completeness.

References

Release Date
January 30, 2012

Latest Revision
January 30, 2012: 1

Severity
high

Exploitable
remote

Bugzilla entries