Unreal 3.2.2b and "hot patch" released

News about the UnrealIRCd project, including release announcements
Post Reply
Syzop
UnrealIRCd head coder
Posts: 1935
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Unreal 3.2.2b and "hot patch" released

Post by Syzop » Sat Jan 15, 2005 9:12 pm

Hi all,

we became aware of a crash issue in UnrealIRCd that can be triggered by users.
This time however, we are trying a new aproach by offering a "hot patch" that will fix your ircd without requiring a restart, so the process shouldn't be too painful. It won't be possible for all future security issues, but it works great for this one :).

In any case, we apologise for any inconvenience this will cause.

Code: Select all

SECURITY ADVISORY
==================

A serious Denial-of-Service issue has been discovered in UnrealIRCd.

==[ AFFECTED VERSIONS ]==
Affected:
- Unreal3.2: beta18, beta19, RC-1, RC-2, 3.2, 3.2.1, 3.2.2

Unaffected:
- versions older than beta18 (OLD, UNSUPPORTED)
- 3.1* (VERY OLD, UNSUPPORTED)
- If you have NO servers and NO services linked and you
  are using a vulnerable version then this problem does
  not occur (this is however an uncommon configuration)

Fixed in/by:
- Hot-patched 3.2* servers (see FIX)
- The newly released 3.2.2b (for fresh installs)
- CVS from January 15 03:00 GMT and later

==[ PROBLEM ]==
There's a severe crashbug present in UnrealIRCd that can quite
easily be triggered by users. No code execution or anything
like that is possible (it's a NULL pointer dereference),
but it does cause a crash, which is of course serious enough.

Server admins should apply the fix (which does not require a
server restart) as soon as possible before an exploit will
become widespread (within 24h is recommended).

During the time of writing (Jan15 19:00 GMT) there are no signs
of "bad users" causing crashes, but we expect that this will
happen after public announcement of this bug.

==[ WORKAROUND ]==
There's no safe workaround, but see next for an easy fix.

==[ FIX ]==
Thanks to modulized commands we have created a "hot patch" utility
that will fix the issue WITHOUT requiring a server restart, all
you will have to do is install it and rehash.
This patch can be used on Unreal3.2-RC2, 3.2, 3.2.1 and 3.2.2.
Older version (eg: beta's) are not supported, in that case we
suggest you to upgrade to 3.2 (and apply this patch) or 3.2.2b.

*NIX:
 Download and run the hotpatch utility, available URLs:
 http://www.vulnscan.org/tmp/unrealpatch322
 http://www.unrealircd.com/unrealpatch322
 http://unreal.atlanti-ka.org/unrealpatch322

 EXAMPLE:
 cd ~/Unreal3.2 && wget http://www.unrealircd.com/unrealpatch322 && \
 chmod +x unrealpatch322 && ./unrealpatch322
 (or 'fetch' instead of 'wget', or any other download utility)

 Alternatively if that did not work, try this .tar.gz:
 http://www.vulnscan.org/tmp/qpatch.tar.gz OR
 http://www.unrealircd.com/qpatch.tar.gz OR
 http://unreal.atlanti-ka.org/qpatch.tar.gz
 
 Extract it, cd to the directory and run ./doinstall

Windows:
 Download and run the win32 hotpatch utility, available URLs:
 http://www.vulnscan.org/tmp/322_hotpatch.exe
 http://unreal.atlanti-ka.org/322_hotpatch.exe
 http://unrealircd.funny-chat.net/322_hotpatch.exe
 
 (this hotpatch is for 3.2.2 only, if using an older version then
  upgrade to 3.2.2 first).

Additionally, we have replaced the 3.2.2 downloads on our site with
"3.2.2b" which is 3.2.2 + this patch (useful in case the hot patch
utility did somehow not work, or for any new installs):
See http://www.unrealircd.com/?page=downloads

This issue has also been fixed in CVS, both in 'stable' and
'unreal3_2_2fixes' since January 15 2005 03:00 GMT.

MD5 checksums:
2157afe65f97358645aac0b3f957bd57  unrealpatch322
8b842d83d037eca9cedcf49a6306b129  qpatch.tar.gz
d6a90889ce937d77e6e63787d7b31b51  Unreal3.2.2b.tar.gz
90ec48229484b16b94381471c39c07aa  Unreal3.2.2b.exe
de445797833c281f87cdec193f098b0a  Unreal3.2.2b-SSL.exe

SHA1 checksums:
31790d50dfa207a223c76f6c1119a8d48294c796  unrealpatch322
20879d90e328671f1853e78d6e4a6fb2557bf686  qpatch.tar.gz
c3f8258202c32ca09085975b6a042e6296c2d4b7  Unreal3.2.2b-SSL.exe
55019a076def37509fdb7e5382a62662f18dda30  Unreal3.2.2b.exe
749dfb38f514d1341b6ad8199ce0176f7709faf1  Unreal3.2.2b.tar.gz

==[ TIMELINE ]==
Times are GMT+1
13-01-2005  Bug reported, traced and *NIX hotpatch ready 
14-01-2005  Bug fixed in CVS, Win hotpatch ready,
            private announcement to some networks
15-01-2005  CERT-IRC announcement
15-01-2005  Downloads replaced, public announcement

==[ SOURCE ]==
A copy (and any updates) of this advisory is posted on:
http://www.unrealircd.com/unreal3_2_2b_advisory.txt

Dukat
Posts: 1083
Joined: Tue Mar 16, 2004 5:44 pm
Location: Switzerland

Post by Dukat » Sun Jan 16, 2005 9:35 am

That's how I like patches...

Thank you!
Good work! 8)

McTerry
Posts: 64
Joined: Tue Oct 19, 2004 12:42 am
Location: *.se
Contact:

Post by McTerry » Sun Jan 16, 2005 7:17 pm

It worked great to patch it with Unreal IRCd running. :D Nice job!
BOOM!

Syzop
UnrealIRCd head coder
Posts: 1935
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Post by Syzop » Sun Jan 16, 2005 9:10 pm

Thanks :)

mematrix
Posts: 12
Joined: Sun Jan 02, 2005 5:30 pm

Post by mematrix » Sat Jan 22, 2005 5:33 am

very cool....cheers m8 8) :D

Stealth
Head of Support
Posts: 2086
Joined: Tue Jun 15, 2004 8:50 pm
Location: Chino Hills, CA, US
Contact:

Post by Stealth » Sat Jan 22, 2005 6:50 am

The last time someone posted a "thank you" post I was going to post something sarcastic. Well, the time has come, someone has posted. Unfortunatly, I completely forgot what I was going to say. :?

McTerry
Posts: 64
Joined: Tue Oct 19, 2004 12:42 am
Location: *.se
Contact:

Post by McTerry » Sun Jan 23, 2005 6:58 pm

Thx McTerry for slapping Stealth. :twisted:
BOOM!

RandomNumber
Posts: 44
Joined: Mon Jan 24, 2005 6:10 pm

Post by RandomNumber » Mon Jan 24, 2005 6:33 pm

That was quick and easy and no hassles very cool thank you for the prompt service also

pepolez
Posts: 9
Joined: Sun Oct 31, 2004 2:08 am
Location: Australia
Contact:

Post by pepolez » Sun Feb 13, 2005 8:46 am

Syzop saves the day! :D Great work :D
There are 10 types of people in the world, those who understand binary and those who don't.

Post Reply