Steffen Joeris
2008-Jun-30 07:53 UTC
[Secure-testing-team] Bug#488630: linuxdcpp: Two remote DoS
Package: linuxdcpp Version: 1.0.1-1 Severity: grave Tags: security, patch Justification: user security hole Hi The following email came over one of the security lists: Hey, Linux DC++ (linuxdcpp) is a Direct Connect client based on the same client code as DC++, so it is vulnerable to the recently reported [1] NULL pointer dereference remote DoS via partial file list requests http://secunia.com/advisories/30812/ http://sourceforge.net/project/shownotes.php?release_id=608612&group_id=40287 https://bugs.launchpad.net/dcplusplus/+bug/238333 [Can''t view] Patch for linuxdcpp: http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/ShareManager.cpp.diff?r1=1.14&r2=1.15&sortby=date [2] Empty message Remote DoS When an attacker sends an empty message, he can cause the client to abort with "std::out_of_range" in substr(). Patch for linuxdcpp: http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/NmdcHub.cpp.diff?r1=1.14&r2=1.15&sortby=date Robert The patchsets are not included in the current sid version. CVE ids for both DoS are pending. Please also upload with high urgency, so that the package hits testing soon. Cheers Steffen