Gentoo Linux Security Advisory GLSA 200606-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: EnergyMech: Denial of Service
Date: June 26, 2006
Bugs: #132749
ID: 200606-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A Denial of Service vulnerability was discovered in EnergyMech that is
easily exploitable via IRC.
Background
==========
EnergyMech is an IRC bot programmed in C.
Affected packages
=================
     -------------------------------------------------------------------
     Package         /  Vulnerable  /                       Unaffected
     -------------------------------------------------------------------
  1  net-irc/emech       < 3.0.2                              >= 3.0.2
Description
===========
EnergyMech fails to handle empty CTCP NOTICEs correctly, which causes a
crash from a segmentation fault.
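
The advisory does not show the faulty code. The following is an added
example, not EnergyMech source and not part of the original advisory: a
CTCP parser that treats the empty payload as an explicit case instead of
handing the caller a missing command token. The function name, status
codes and buffer sizes are hypothetical.

```c
/* Added example: defensive CTCP parsing; not EnergyMech source code. */
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum ctcp_status { CTCP_OK, CTCP_NOT_CTCP, CTCP_EMPTY, CTCP_TOO_LONG, CTCP_BAD_ARGS };

/* Split the body of a NOTICE/PRIVMSG into CTCP command and argument.
 * An empty payload yields CTCP_EMPTY with cmd/arg set to "", so a caller
 * never receives a NULL or unterminated command token. */
enum ctcp_status ctcp_parse(const char *text, char *cmd, size_t cmdsz,
                            char *arg, size_t argsz)
{
    if (!text || !cmd || !arg || cmdsz == 0 || argsz == 0)
        return CTCP_BAD_ARGS;
    cmd[0] = arg[0] = '\0';
    if (text[0] != '\001')
        return CTCP_NOT_CTCP;

    const char *body = text + 1;
    size_t len = strcspn(body, "\001");   /* stop at closing delimiter or NUL */
    while (len > 0 && *body == ' ') { body++; len--; }
    if (len == 0)
        return CTCP_EMPTY;                /* no command token present */

    size_t cmdlen = 0;
    while (cmdlen < len && body[cmdlen] != ' ')
        cmdlen++;
    if (cmdlen >= cmdsz)
        return CTCP_TOO_LONG;
    memcpy(cmd, body, cmdlen);
    cmd[cmdlen] = '\0';

    const char *rest = body + cmdlen;
    size_t restlen = len - cmdlen;
    while (restlen > 0 && *rest == ' ') { rest++; restlen--; }
    if (restlen >= argsz)
        return CTCP_TOO_LONG;
    memcpy(arg, rest, restlen);
    arg[restlen] = '\0';
    return CTCP_OK;
}

int main(void)
{
    /* Constructed sample message bodies, not captured traffic. */
    const char *samples[] = { "\001VERSION\001", "\001PING 12345\001", "\001\001", "hello" };
    char cmd[16], arg[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum ctcp_status st = ctcp_parse(samples[i], cmd, sizeof cmd, arg, sizeof arg);
        printf("status=%d cmd=\"%s\" arg=\"%s\"\n", (int)st, cmd, arg);
    }
    return 0;
}
```
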
Impact
======
By sending an empty CTCP NOTICE, a remote attacker could exploit this
vulnerability to cause a Denial of Service.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All EnergyMech users should update to the latest stable version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-irc/emech-3.0.2"
References
==========
[ 1 ] EnergyMech Changelog
http://www.energymech.net/versions-3.0.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200606-26.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security (at) gentoo (dot) org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5