Message-ID: <CA+T2pCG=MJMxQZXgGsCevny2_tSkiBcya-hebS8HxuEMCxQw_A@mail.gmail.com>
Date: Mon, 5 Sep 2016 17:26:06 -0500
From: William Pitcock <nenolod@...eferenced.org>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: CVE ID request: certificate spoofing through
 crafted SASL message in inspircd, charybdis

Hello,

UnrealIRCd is also affected:

https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766

As is Nefarious:

https://github.com/evilnet/nefarious2/commit/f50a84bad996d438e7b31b9e74c32a41e43f8be5

William

On Sun, Sep 4, 2016 at 4:45 PM, Antoine Beaupré <anarcat@...ian.org> wrote:
> inspircd published 2.0.23 that fixes an issue with SASL
> authentication. The details are here:
>
> http://www.inspircd.org/2016/09/03/v2023-released.html
>
> All versions are affected.
>
> Upstream hasn't requested a CVE yet. I told them I would request one
> from here on IRC.
>
> It seems to also affect Charybdis, which fixed the issue in the
> upcoming 3.5.3 release:
>
> https://github.com/charybdis-ircd/charybdis/commit/818a3fda944b26d4814132cee14cfda4ea4aa824
>
> A.
>
> --
> All governments are run by liars and nothing they say should be
> believed.
>                        - I. F. Stone
