Date: Sat, 15 Jan 2005 22:02:04 GMT
From: Gerrit Beine <tux@pinguru.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/76297: Update port: irc/unreal (Security Fix)
Message-ID: <200501152202.j0FM24br078393@www.freebsd.org>
Resent-Message-ID: <200501152210.j0FMAJbu074339@freefall.freebsd.org>

>Number: 76297
>Category: ports
>Synopsis: Update port: irc/unreal (Security Fix)
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Sat Jan 15 22:10:19 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Gerrit Beine
>Release: FreeBSD 5.3-RELEASE
>Organization: pitcom GmbH
>Environment:
FreeBSD asus.site 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 12 23:43:33 CET 2004 root@asus.site:/usr/src/sys/i386/compile/ASUS i386
>Description:
Please use this instead of http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/76274

Update to version 3.2.2, including Security Fix:

SECURITY ADVISORY
==================
A serious Denial-of-Service issue has been discovered in UnrealIRCd.

==[ AFFECTED VERSIONS ]==
Affected:
- Unreal3.2: beta18, beta19, RC-1, RC-2, 3.2, 3.2.1, 3.2.2
Unaffected:
- versions older than beta18 (OLD, UNSUPPORTED)
- 3.1* (VERY OLD, UNSUPPORTED)
- If you have NO servers and NO services linked and you are using a vulnerable version then this problem does not occur (this is however an uncommon configuration)
Fixed in/by:
- Hot-patched 3.2* servers (see FIX)
- The newly released 3.2.2b (for fresh installs)
- CVS from January 15 03:00 GMT and later

==[ PROBLEM ]==
There's a severe crashbug present in UnrealIRCd that can quite easily be triggered by users. No code execution or anything like that is possible (it's a NULL pointer dereference), but it does cause a crash, which is of course serious enough.
Server admins should apply the fix (which does not require a server restart) as soon as possible before an exploit will become widespread (within 24h is recommended).
During the time of writing (Jan15 19:00 GMT) there are no signs of "bad users" causing crashes, but we expect that this will happen after public announcement of this bug.

==[ WORKAROUND ]==
There's no safe workaround, but see next for an easy fix.

==[ FIX ]==
Thanks to modulized commands we have created a "hot patch" utility that will fix the issue WITHOUT requiring a server restart; all you will have to do is install it and rehash.
This patch can be used on Unreal3.2-RC2, 3.2, 3.2.1 and 3.2.2. Older versions (e.g. betas) are not supported; in that case we suggest you upgrade to 3.2 (and apply this patch) or 3.2.2b.
>How-To-Repeat:
>Fix:
diff -Nur /usr/ports/irc/unreal/Makefile unreal/Makefile --- /usr/ports/irc/unreal/Makefile Thu Jul 22 04:01:55 2004 +++ unreal/Makefile Sat Jan 15 14:25:08 2005 @@ -1,14 +1,12 @@ # Ports collection makefile for: Unreal-IRCd # Date created: 15 April 2004 # Whom: Gerrit Beine (<tux@pinguru.net>) -# ToDo: Make the configuration more flexible using -DOPTION for the -# configuration values, especially support for IPv6. # # $FreeBSD: ports/irc/unreal/Makefile,v 1.3 2004/07/22 02:01:55 ijliao Exp $ # PORTNAME= Unreal -PORTVERSION= 3.2.1 +PORTVERSION= 3.2.2 CATEGORIES= irc MASTER_SITES= http://mirror.nimsay-networks.com/unrealircd/ \ http://unrealircd.za.net/ \ @@ -19,16 +17,11 @@ MAINTAINER= tux@pinguru.net COMMENT= Unreal - the next generation ircd -SQLMOD= Unreal/SQLMod.tar.gz - WRKSRC= ${WRKDIR}/${PORTNAME}3.2 HAS_CONFIGURE= yes -CONFIGURE_ARGS= --enable-nospoof \ - --enable-hub \ - --enable-ziplinks \ - --with-listen=5 \ +CONFIGURE_ARGS= --with-listen=5 \ --with-dpath=${PREFIX}/Unreal \ --with-spath=${PREFIX}/Unreal/ircd \ --with-nick-history=2000 \ 
@@ -38,15 +31,28 @@ --with-fd-setsize=1024 \ --enable-dynamic-linking +OPTIONS= HUB "Configure as a hub (otherwise configure as a leaf)" on \ + NOSPOOF "Enable anti-spoof protection" off \ + ZIPLINKS "Enable ziplinks support" off \ + SSL "Support SSL connecions" off \ + IPV6 "Enable ipv6 support" off \ + PREFIXAQ "Enable prefixes for chanadmin and chanowner" off +# REMOTE "Enable remote includes" off \ this does not work at the moment + +SQLMOD= Unreal/SQLMod.tar.gz + .include <bsd.port.pre.mk> -.if exists(${DISTDIR}/${SQLMOD}) -USE_MYSQL= yes -WITH_SQLMOD= yes -MAKE_ARGS= all custommodule MODULEFILE=m_sqlmod -PLIST_FILES+= Unreal/modules/m_sqlmod.so Unreal/m_sqlmod.conf \ - Unreal/doc/Changes.sqlmod Unreal/doc/README.sqlmod \ - Unreal/doc/LICENSE.sqlmod +.if defined(WITH_HUB) +CONFIGURE_ARGS+= --enable-hub +.endif + +.if defined(WITH_NOSPOOF) +CONFIGURE_ARGS+= --enable-nospoof +.endif + +.if defined(WITH_ZIPLINKS) +CONFIGURE_ARGS+= --enable-ziplinks .endif .if defined(WITH_IPV6) @@ -58,6 +64,24 @@ USE_OPENSSL= yes .endif +.if defined(WITH_REMOTE) +LIB_DEPENDS+= curl.3:${PORTSDIR}/ftp/curl +CONFIGURE_ARGS+= --enable-libcurl=/usr/local +.endif + +.if defined(WITH_PREFIXAQ) +CONFIGURE_ARGS+= --enable-prefixaq +.endif + +.if exists(${DISTDIR}/${SQLMOD}) +USE_MYSQL= yes +WITH_SQLMOD= yes +MAKE_ARGS= all custommodule MODULEFILE=m_sqlmod +PLIST_FILES+= Unreal/modules/m_sqlmod.so Unreal/m_sqlmod.conf \ + Unreal/doc/Changes.sqlmod Unreal/doc/README.sqlmod \ + Unreal/doc/LICENSE.sqlmod +.endif + post-extract: .if defined(WITH_SQLMOD) @${TAR} xfz ${DISTDIR}/${SQLMOD} -C ${WRKSRC} @@ -69,6 +93,9 @@ .if defined(WITH_SQLMOD) @${PATCH} -d ${WRKSRC} < ${WRKSRC}/SQLMod/patch .endif + +pre-configure: + @${ECHO} ${CONFIGURE_ARGS} post-install: .if defined(WITH_SQLMOD) diff -Nur /usr/ports/irc/unreal/distinfo unreal/distinfo --- /usr/ports/irc/unreal/distinfo Thu Jul 22 04:01:55 2004 +++ unreal/distinfo Sat Jan 15 13:40:00 2005 
@@ -1,2 +1,2 @@ -MD5 (Unreal3.2.1.tar.gz) = ebe56fd42fc229681f527932eaa173cc -SIZE (Unreal3.2.1.tar.gz) = 1614434 +MD5 (Unreal3.2.2.tar.gz) = 75dc34b59d987a91e25290b29986149e +SIZE (Unreal3.2.2.tar.gz) = 1706123 diff -Nur /usr/ports/irc/unreal/files/patch-m_kick.c unreal/files/patch-m_kick.c --- /usr/ports/irc/unreal/files/patch-m_kick.c Thu Jan 1 01:00:00 1970 +++ unreal/files/patch-m_kick.c Thu Jan 13 22:57:33 2005 @@ -0,0 +1,30 @@ +Index: src/modules/m_kick.c +=================================================================== +RCS file: /home/cmunk/ircsystems/cvsroot/unreal/src/modules/Attic/m_kick.c,v +retrieving revision 1.1.2.2.2.4 +diff -u -r1.1.2.2.2.4 m_kick.c +--- src/modules/m_kick.c 6 Oct 2004 20:33:13 -0000 1.1.2.2.2.4 ++++ src/modules/m_kick.c 13 Jan 2005 21:53:55 -0000 +@@ -302,13 +302,17 @@ + !(lp->flags & (CHFL_CHANOP|CHFL_CHANPROT|CHFL_CHANOWNER))) + { + /* Send it only to chanops & victim */ +- sendto_chanops_butone(who, chptr, ":%s!%s@%s KICK %s %s :%s", +- sptr->name, sptr->user->username, GetHost(sptr), +- chptr->chname, who->name, comment); +- if (MyClient(who)) +- sendto_one(who, ":%s!%s@%s KICK %s %s :%s", ++ if (IsPerson(sptr)) ++ sendto_chanops_butone(who, chptr, ":%s!%s@%s KICK %s %s :%s", + sptr->name, sptr->user->username, GetHost(sptr), + chptr->chname, who->name, comment); ++ else ++ sendto_chanops_butone(who, chptr, ":%s KICK %s %s :%s", ++ sptr->name, chptr->chname, who->name, comment); ++ ++ if (MyClient(who)) ++ sendto_prefix_one(who, sptr, ":%s KICK %s %s :%s", ++ sptr->name, chptr->chname, who->name, comment); + } else { + /* NORMAL */ + sendto_channel_butserv(chptr, >Release-Note: >Audit-Trail: >Unformatted:
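
Review bot: In the Makefile hunk at @@ -38,15 +31,28 @@, NOSPOOF and ZIPLINKS are declared with default off, while the hunk at @@ -19,16 +17,11 @@ removes `--enable-nospoof` and `--enable-ziplinks` from the unconditional CONFIGURE_ARGS, so a default build after this update silently drops anti-spoof protection that every earlier build of the port enabled. Suggest defaulting NOSPOOF (and ZIPLINKS, for networks that already link with it) to on, or calling the behaviour change out in the PR text. In the same OPTIONS block, "connecions" in the SSL description should read "connections".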
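
Review bot: The `.if defined(WITH_REMOTE)` block in the Makefile hunk at @@ -58,6 +64,24 @@ stays live even though the REMOTE entry in OPTIONS is commented out with "this does not work at the moment", so anyone defining WITH_REMOTE by hand gets a configuration the maintainer describes as not working. It also hardcodes the prefix in `--enable-libcurl=/usr/local`, where the rest of the Makefile uses variables such as ${PREFIX}. Suggest dropping the block until remote includes work, or at least passing ${LOCALBASE} instead of the literal path.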
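
Review bot: The `pre-configure:` target added in the Makefile hunk at @@ -69,6 +93,9 @@ only runs `@${ECHO} ${CONFIGURE_ARGS}`, which reads like leftover debugging output. It has no effect on the build, so suggest removing it before commit.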
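
Review bot: PORTVERSION and distinfo move the port to Unreal3.2.2.tar.gz, but the advisory quoted in this PR lists 3.2.2 under Affected and names 3.2.2b as the fixed release for fresh installs, so the security fix here rests entirely on files/patch-m_kick.c being applied. Suggest either fetching 3.2.2b, or stating in the Makefile or in the patch file that the local patch carries the advisory fix, so a later cleanup does not drop it.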
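
Review bot: In files/patch-m_kick.c the new `if (IsPerson(sptr))` check guards the `sptr->user->username` dereference only on the "chanops & victim" path; the NORMAL branch that follows is cut off in the context lines, so please confirm it does not dereference `sptr->user` for a non-person source as well. The embedded diff is dated 13 Jan 2005, while the advisory says CVS carries the fix from January 15 03:00 GMT, so it is also worth confirming that this is the same change as the upstream hot patch.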