Debian Bug report logs - #451875
CVE-2007-6034, CVE-2007-6062: Remote vulnerability in ngircd before 0.10.3

version graph

Package: ngircd; Maintainer for ngircd is Christoph Biedl <debian.axhn@manchmal.in-ulm.de>; Source for ngircd is src:ngircd (PTS, buildd, popcon).

Reported by: Christoph Biedl <debian.packages.hhqj@manchmal.in-ulm.de>

Date: Mon, 19 Nov 2007 01:15:01 UTC

Severity: important

Tags: patch, security

Found in version ngircd/0.10.0-2

Fixed in versions ngircd/0.10.3-1, ngircd/0.10.0-2etch1

Done: Andreas Barth <aba@not.so.argh.org>

Bug is archived. No further changes may be made.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Mario Iseli <mario@debian.org>:
Bug#451875; Package ngircd. (full text, mbox, link).


Acknowledgement sent to Christoph Biedl <debian.packages.hhqj@manchmal.in-ulm.de>:
New Bug report received and forwarded. Copy sent to Mario Iseli <mario@debian.org>. (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Christoph Biedl <debian.packages.hhqj@manchmal.in-ulm.de>
To: submit@bugs.debian.org
Subject: Remote vulnerability in ngircd before 0.10.3
Date: Mon, 19 Nov 2007 02:05:28 +0100
[Message part 1 (text/plain, inline)]
Package: ngircd
Version: 0.10.0-2
Severity: important
Tags: security

Hi,

according to the ngircd homepage there's an issue in ngircd before
0.10.3:

| ngIRCd-versions previous to 0.10.3 comprise an error which can be used
| (also by remote) to crash the daemon. All installations should be
| updated to version 0.10.3 or subsequent versions.

Can you please check whether the etch version of ngircd is affected
(I'd be really surprised if not) and prepare an according update? The
diff between 0.10.2 and 0.10.3 is quite short and seems to apply.

    Christoph

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.23.8
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages ngircd depends on:
ii  libc6                  2.3.6.ds1-13etch2 GNU C Library: Shared libraries
ii  libssp0                4.1.1-21          GCC stack smashing protection libr

ngircd recommends no packages.

-- no debconf information
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Mario Iseli <mario@debian.org>:
Bug#451875; Package ngircd. (full text, mbox, link).


Acknowledgement sent to Christoph Biedl <debian.packages.hhqj@manchmal.in-ulm.de>:
Extra info received and forwarded to list. Copy sent to Mario Iseli <mario@debian.org>. (full text, mbox, link).


Message #10 received at 451875@bugs.debian.org (full text, mbox, reply):

From: Christoph Biedl <debian.packages.hhqj@manchmal.in-ulm.de>
To: 451875@bugs.debian.org, control@bugs.debian.org
Subject: Re: Remote vulnerability in ngircd before 0.10.3
Date: Tue, 20 Nov 2007 10:27:30 +0100
[Message part 1 (text/plain, inline)]
tags patch
quit

Christoph Biedl wrote...

(...)

I did some tests:

> Can you please check whether the etch version of ngircd is affected
> (I'd be really surprised if not)

It is.

> The
> diff between 0.10.2 and 0.10.3 is quite short and seems to apply.

See the patch attached for a fix. Works for me.

    Christoph
[90-remote-vulnerability.dpatch (text/plain, attachment)]

Tags added: patch Request was from Christoph Biedl <debian.packages.hhqj@manchmal.in-ulm.de> to control@bugs.debian.org. (Tue, 20 Nov 2007 09:39:01 GMT) (full text, mbox, link).


Tags added: Request was from Christoph Biedl <debian.packages.hhqj@manchmal.in-ulm.de> to control@bugs.debian.org. (Wed, 21 Nov 2007 09:42:03 GMT) (full text, mbox, link).


Changed Bug title to `CVE-2007-6034, CVE-2007-6062: Remote vulnerability in ngircd before 0.10.3' from `Remote vulnerability in ngircd before 0.10.3'. Request was from Christoph Biedl <debian.packages.hhqj@manchmal.in-ulm.de> to control@bugs.debian.org. (Wed, 21 Nov 2007 10:03:02 GMT) (full text, mbox, link).


Reply sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
You have taken responsibility. (full text, mbox, link).


Notification sent to Christoph Biedl <debian.packages.hhqj@manchmal.in-ulm.de>:
Bug acknowledged by developer. (full text, mbox, link).


Message #21 received at 451875-done@bugs.debian.org (full text, mbox, reply):

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: 451875-done@bugs.debian.org
Subject: patch included
Date: Sat, 5 Jan 2008 12:49:01 +0100
[Message part 1 (text/plain, inline)]
Hi

Patch is included in current sid version, thus closing this bug.

Cheers
Steffen
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Mario Iseli <mario@debian.org>:
Bug#451875; Package ngircd. (full text, mbox, link).


Acknowledgement sent to Christoph Biedl <debian.packages.hhqj@manchmal.in-ulm.de>:
Extra info received and forwarded to list. Copy sent to Mario Iseli <mario@debian.org>. (full text, mbox, link).


Message #26 received at 451875@bugs.debian.org (full text, mbox, reply):

From: Christoph Biedl <debian.packages.hhqj@manchmal.in-ulm.de>
To: 451875@bugs.debian.org, control@bugs.debian.org, Steffen Joeris <steffen.joeris@skolelinux.de>
Subject: Re: Bug#451875 closed by Steffen Joeris <steffen.joeris@skolelinux.de> (patch included)
Date: Sat, 5 Jan 2008 13:54:41 +0100
[Message part 1 (text/plain, inline)]
reopen 451875
quit

Steffen Joeris wrote:

> Patch is included in current sid version, thus closing this bug.

Read the bug report from the very beginning. The problem is the stable
release of ngircd. Thus reopening.

Not amused.
[signature.asc (application/pgp-signature, inline)]

Bug reopened, originator not changed. Request was from Christoph Biedl <debian.packages.hhqj@manchmal.in-ulm.de> to control@bugs.debian.org. (Sat, 05 Jan 2008 13:03:08 GMT) (full text, mbox, link).


Bug marked as fixed in version 0.10.3-1. Request was from Steffen Joeris <steffen.joeris@skolelinux.de> to control@bugs.debian.org. (Sat, 05 Jan 2008 13:09:14 GMT) (full text, mbox, link).


Reply sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
You have taken responsibility. (full text, mbox, link).


Notification sent to Christoph Biedl <debian.packages.hhqj@manchmal.in-ulm.de>:
Bug acknowledged by developer. (full text, mbox, link).


Message #35 received at 451875-done@bugs.debian.org (full text, mbox, reply):

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: control@bugs.debian.org
Cc: 451875-done@bugs.debian.org, Christoph Biedl <debian.packages.hhqj@manchmal.in-ulm.de>
Subject: Re: Bug#451875 closed by Steffen Joeris <steffen.joeris@skolelinux.de> (patch included)
Date: Sat, 5 Jan 2008 14:01:16 +0100
[Message part 1 (text/plain, inline)]
fixed 451875 0.10.3-1
thanks

On Sat, 5 Jan 2008 01:54:41 pm Christoph Biedl wrote:
> reopen 451875
> quit
The stable security team is aware of that issue, as it is in the security 
tracker[0]. 
By the way, this is marked as a minor issue and there won't be a DSA just for 
this issue. It can maybe be fixed with a stable upload in a point release, 
which needs to be checked with the release team.

I've marked the bug as fixed with the version specified in the security 
tracker and the BTS knows about versioning, so there is no point in having an 
open bug for stable.

> Steffen Joeris wrote:
> > Patch is included in current sid version, thus closing this bug.
>
> Read the bug report from the very beginning. The problem is the stable
> release of ngircd. Thus reopening.
>
> Not amused.
Not amused either.

Cheers
Steffen

[0]: http://security-tracker.debian.net/tracker/
[signature.asc (application/pgp-signature, inline)]

Reply sent to Andreas Barth <aba@not.so.argh.org>:
You have taken responsibility. (full text, mbox, link).


Notification sent to Christoph Biedl <debian.packages.hhqj@manchmal.in-ulm.de>:
Bug acknowledged by developer. (full text, mbox, link).


Message #40 received at 451875-close@bugs.debian.org (full text, mbox, reply):

From: Andreas Barth <aba@not.so.argh.org>
To: 451875-close@bugs.debian.org
Subject: Bug#451875: fixed in ngircd 0.10.0-2etch1
Date: Thu, 17 Jan 2008 19:52:13 +0000
Source: ngircd
Source-Version: 0.10.0-2etch1

We believe that the bug you reported is fixed in the latest version of
ngircd, which is due to be installed in the Debian FTP archive:

ngircd_0.10.0-2etch1.diff.gz
  to pool/main/n/ngircd/ngircd_0.10.0-2etch1.diff.gz
ngircd_0.10.0-2etch1.dsc
  to pool/main/n/ngircd/ngircd_0.10.0-2etch1.dsc
ngircd_0.10.0-2etch1_ia64.deb
  to pool/main/n/ngircd/ngircd_0.10.0-2etch1_ia64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 451875@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Barth <aba@not.so.argh.org> (supplier of updated ngircd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat,  5 Jan 2008 13:18:38 +0000
Source: ngircd
Binary: ngircd
Architecture: source ia64
Version: 0.10.0-2etch1
Distribution: stable
Urgency: medium
Maintainer: Mario Iseli <admin@marioiseli.com>
Changed-By: Andreas Barth <aba@not.so.argh.org>
Description: 
 ngircd     - Next generation IRC Server
Closes: 451875
Changes: 
 ngircd (0.10.0-2etch1) stable; urgency=medium
 .
   * Security upload fixing CVE-2007-6062: Remote vulnerability in
     ngircd before 0.10.3. Closes: #451875
   * Thanks to Sebastian Vesper for finding the issue.
   * Thanks to Christoph Biedl for noticing, the patch and reminding.
Files: 
 5facd147f7f2066620f1525fd468c1e8 594 net optional ngircd_0.10.0-2etch1.dsc
 ddbf7cb848354b62d46df5f633b39f17 9043 net optional ngircd_0.10.0-2etch1.diff.gz
 80cab697d97ac450a5b7192bb4afa43a 113692 net optional ngircd_0.10.0-2etch1_ia64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFHf4kQmdOZoew2oYURAlNdAJ47cxio0pWV8/nKtDB6vcTlj3b1kgCfYBos
RPj3emXBCBzcuFhc4LT7hWg=
=jfJy
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 15 Feb 2008 07:31:58 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 06:17:53 2025; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.