oss-sec: Re: CVE request: irssi 0.8.15

oss-sec mailing list archives

Re: CVE request: irssi 0.8.15

From: Josh Bressers <bressers () redhat com>
Date: Mon, 12 Apr 2010 15:41:34 -0400 (EDT)


----- "Tobias Heinlein" <keytoaster () gentoo org> wrote:

Not sure if everyone has seen this yet:

http://irssi.org/

"This release fixes two security issues: The first being that Irssi
didn't check hostname on SSL connections and the other being a hard
to
exploit remote crash bug."

Some further information can be found in the ChangeLog:
http://irssi.org/news/ChangeLog


This is a bit more than what it appears.

The SSL commit is here:
http://github.com/ensc/irssi-proxy/commit/85bbc05b21678e80423815d2ef1dfe26208491ab

From reading the code it really fixes two things.


It fixes the old "does not properly handle a '\0' character in a domain
name in the subject's Common Name (CN) field" flaw, plus also verifies that
the server being connected to is the one listed in the certificate.

Let's assign these as such:
CVE-2010-1154 irssi 0.8.15 /0 in CN field
CVE-2010-1155 irssi 0.8.15 certificate host validation

The crash bits mentioned in the changelog are very ambiguous. The git tree
isn't any more clear than that. There appear to be two crashes, both sound
like NULL pointer dereferences that cannot be triggered by an attacker. If
I'm wrong, please speak up.

-- 
    JB

By Date By Thread

Current thread:

CVE request: irssi 0.8.15 Tobias Heinlein (Apr 11)
- <Possible follow-ups>
- Re: CVE request: irssi 0.8.15 Josh Bressers (Apr 12)
  - Re: CVE request: irssi 0.8.15 Steven M. Christey (Apr 12)
    - Re: CVE request: irssi 0.8.15 Josh Bressers (Apr 13)
  - Re: CVE request: irssi 0.8.15 Tomas Hoger (Apr 13)
- Re: CVE request: irssi 0.8.15 Wouter Coekaerts (Apr 13)
  - Re: Re: CVE request: irssi 0.8.15 Jamie Strandboge (Apr 17)
    - Re: Re: CVE request: irssi 0.8.15 Wouter Coekaerts (Apr 26)
    - Re: Re: CVE request: irssi 0.8.15 Steve Langasek (Apr 27)