Candidate: CVE-2012-6084
PublicDate: 2013-01-01 15:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6084
 http://www.openwall.com/lists/oss-security/2013/01/01/1
 http://www.openwall.com/lists/oss-security/2013/01/01/2
 https://github.com/atheme/charybdis/commit/ac0707aa61d9c20e9b09062294701567c9f41595.patch
 http://www.stack.nl/~jilles/irc/charybdis-3.4.2.tbz2
 http://www.ratbox.org/download/ircd-ratbox-3.0.8.tar.bz2
 http://rabbit.dereferenced.org/~nenolod/ASA-2012-12-31.txt
 http://openwall.com/lists/oss-security/2013/01/01/4
Description:
 modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis before
 3.4.2 does not properly support capability negotiation during server
 handshakes, which allows remote attackers to cause a denial of service
 (NULL pointer dereference and daemon crash) via a malformed request.
Ubuntu-Description:
Notes:
 seth-arnold> charybdis patch should work on ratbox
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697092
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697093
Priority: high
Discovered-by:
Assigned-to:
CVSS:

Patches_charybdis:
 upstream: https://github.com/atheme/charybdis/commit/ac0707aa61d9c20e9b09062294701567c9f41595.patch
upstream_charybdis: released (3.3.0-7.1)
hardy_charybdis: DNE
lucid_charybdis: DNE
oneiric_charybdis: DNE
precise_charybdis: ignored (reached end-of-life)
precise/esm_charybdis: DNE (precise was needed)
quantal_charybdis: ignored (reached end-of-life)
raring_charybdis: ignored (reached end-of-life)
saucy_charybdis: ignored (reached end-of-life)
trusty_charybdis: not-affected (3.4.2-3)
trusty/esm_charybdis: DNE (trusty was not-affected [3.4.2-3])
utopic_charybdis: ignored (reached end-of-life)
vivid_charybdis: ignored (reached end-of-life)
vivid/stable-phone-overlay_charybdis: DNE
vivid/ubuntu-core_charybdis: DNE
wily_charybdis: ignored (reached end-of-life)
xenial_charybdis: not-affected (3.4.2-3)
yakkety_charybdis: ignored (reached end-of-life)
zesty_charybdis: ignored (reached end-of-life)
artful_charybdis: ignored (reached end-of-life)
bionic_charybdis: not-affected (3.4.2-3)
cosmic_charybdis: not-affected (3.4.2-3)
devel_charybdis: not-affected (3.4.2-3)

Patches_ircd-ratbox:
 upstream: https://github.com/atheme/charybdis/commit/ac0707aa61d9c20e9b09062294701567c9f41595.patch
 vendor: http://www.debian.org/security/2013/dsa-2612
upstream_ircd-ratbox: released (3.0.7.dfsg-3)
hardy_ircd-ratbox: ignored (reached end-of-life)
lucid_ircd-ratbox: ignored (reached end-of-life)
oneiric_ircd-ratbox: released (3.0.6.dfsg-2squeeze1build0.11.10.1)
precise_ircd-ratbox: ignored (reached end-of-life)
precise/esm_ircd-ratbox: DNE (precise was needed)
quantal_ircd-ratbox: ignored (reached end-of-life)
raring_ircd-ratbox: not-affected (3.0.7.dfsg-3)
saucy_ircd-ratbox: not-affected (3.0.7.dfsg-3)
trusty_ircd-ratbox: not-affected (3.0.7.dfsg-3)
trusty/esm_ircd-ratbox: DNE (trusty was not-affected [3.0.7.dfsg-3])
utopic_ircd-ratbox: not-affected (3.0.7.dfsg-3)
vivid_ircd-ratbox: not-affected (3.0.7.dfsg-3)
vivid/stable-phone-overlay_ircd-ratbox: DNE
vivid/ubuntu-core_ircd-ratbox: DNE
wily_ircd-ratbox: not-affected (3.0.7.dfsg-3)
xenial_ircd-ratbox: DNE
yakkety_ircd-ratbox: DNE
zesty_ircd-ratbox: DNE
artful_ircd-ratbox: DNE
bionic_ircd-ratbox: DNE
cosmic_ircd-ratbox: DNE
devel_ircd-ratbox: DNE