Overview
InspIRCd 2.0.5 and possibly other versions contain a heap corruption vulnerability that may be exploited with a specifically crafted DNS query.
Description
InspIRCd contains a heap corruption vulnerability that exists in the dns.cpp code. The res[] buffer is allocated on the heap and can be overflowed. The res[] buffer can be exploited during its deallocation. The number of overflowed bytes can be controlled with DNS compression features. |
Impact
A remote unauthenticated attacker may be able to execute arbitrary code with the permissions of the user running the InspIRCd service. |
Solution
Apply an Update InspIRCd 1.2.9 RC1, 2.0.6 RC1, and 2.1.0 B3 have addressed this vulnerability. |
Configuration Change The issue may be mitigated in some scenarios by changing your configuration file so <performance:nouserdns> is set to yes. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Temporal | 5.3 | E:POC/RL:OF/RC:C |
| Environmental | 5.3 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
Acknowledgements
Thanks to Tomasz Salacinski of CERT Polska for reporting this vulnerability.
This document was written by Jared Allar.
Other Information
| CVE IDs: | None |
| Severity Metric: | 1.06 |
| Date Public: | 2012-03-19 |
| Date First Published: | 2012-03-19 |
| Date Last Updated: | 2012-04-09 20:08 UTC |
| Document Revision: | 26 |