Crash issue in UnrealIRCd: apply hot fix ASAP or upgrade to 4.0.11

Syzop
UnrealIRCd head coder
Posts: 1784
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl


Post by Syzop » Fri Feb 10, 2017 2:08 pm

UnrealIRCd versions 4.0.8 - 4.0.10 on *NIX can be crashed by a remote user. This is due to a buffer overflow issue. The issue is actually present in all UnrealIRCd versions, but because the data overflows into unused variables after the buffer, it previously went undetected and caused no harm. UnrealIRCd 4.0.8 and later on *NIX have additional protection enabled. These versions detect the overflow and stop execution immediately (crashes). The Windows version does not crash.

We have released UnrealIRCd 4.0.11 which addresses this issue (among some other less serious issues). There is also a "hot fix" available so you can patch your server without requiring an UnrealIRCd restart. See below.

We recommend that *NIX users apply the "hot fix" as soon as possible (see below). Windows users are unaffected.

How to get the fix/patch?
For Windows there is no urgent need to upgrade, but you can install UnrealIRCd 4.0.11.

Linux/BSD/.. users can also install 4.0.11 OR you can choose to patch UnrealIRCd on-the-fly without a restart.
Since the patch is usually the easiest and most user-friendly solution, we recommend it.
Run the following on the IRC shell:

    wget http://www.unrealircd.org/patch/isonpatcher && sh isonpatcher

Q&A

Have there been any reports of these bugs being abused by anyone?
Not yet. But the issue is easy to trigger, so don't wait for it.

Should I upgrade?
Yes. If you are affected (see Affected versions above) then you should upgrade or install the hot-fix as soon as possible.

Are there any workarounds so I don't have to upgrade?
On *NIX, use the hot fix / patch so you don't need to restart UnrealIRCd.

Can I upgrade without restarting the IRC server?
On Linux/BSD/.. yes. Run the following on the shell:

    wget http://www.unrealircd.org/patch/isonpatcher && sh isonpatcher

I don't like the patch script. How can I fix this by hand?
If, for whatever reason, you don't want to use the simple patchscript from above then you can download the .tar.gz here instead.
Extract it somewhere and look at the contents. Among other things it contains isonfix.patch. Apply that patch, recompile and rehash your UnrealIRCd.
This is exactly the same as the patch script would do.

How serious is this bug?
Any connected user can crash the IRCd. Only if the user cannot get on the IRCd (e.g. a password-protected hub) is he unable to trigger the crash.

When were these issues reported?
This issue was reported 36 hours ago. The issue was confirmed less than 24 hours ago and a fix was created today.

Updates to this advisory
Small corrections/updates will be posted here, if any.


Re: Crash issue in UnrealIRCd: apply hot fix ASAP or upgrade to 4.0.11

Post by Syzop » Fri Feb 10, 2017 4:44 pm

For those interested, I've posted an analysis of the bug, the fix and how exploitable it is on my new blog: Buffer overflow issue in UnrealIRCd, despite use of strncat.

baleco
Posts: 0
Joined: Sat Feb 11, 2017 1:51 am

Re: Crash issue in UnrealIRCd: apply hot fix ASAP or upgrade to 4.0.11

Post by baleco » Sat Feb 11, 2017 1:53 am

After I followed these steps I got the following error.

[02:48:20] [NOTICE irc.**.nl]: *** Robert[Systeembeheer] is rehashing server config file
[02:48:20] [NOTICE irc.**.nl]: *** Loading IRCd configuration..
[02:48:20] [NOTICE irc.**.nl]: *** error: Couldn't open "/home/user/unrealircd/conf/modules.default.conf": Permission denied
[02:48:21] [NOTICE irc.**.nl]: *** error: Could not load config file /home/user/unrealircd/conf/modules.default.conf
[02:48:21] [NOTICE irc.**.nl]: *** error: IRCd configuration failed to load

How do I fix this?


Re: Crash issue in UnrealIRCd: apply hot fix ASAP or upgrade to 4.0.11

Post by Syzop » Sat Feb 11, 2017 8:35 am

baleco wrote (Sat Feb 11, 2017 1:53 am):
After I followed these steps I got the following error.

[02:48:20] [NOTICE irc.**.nl]: *** Robert[Systeembeheer] is rehashing server config file
[02:48:20] [NOTICE irc.**.nl]: *** Loading IRCd configuration..
[02:48:20] [NOTICE irc.**.nl]: *** error: Couldn't open "/home/user/unrealircd/conf/modules.default.conf": Permission denied

Sounds like you are running the ircd as a normal user (=good) but applied the hot-fix as root (=bad). You would have to fix ownership of the files.
You could run the following as root to do so:

    chown -R nameofircuser:nameofircgroup /home/user

Then you should be able to rehash again as a normal user. And don't touch anything as root again ;)
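
The mixed-ownership situation described in the reply above (IRCd running as a normal user, hot fix applied as root) can be confirmed before running chown and re-checked afterwards. The script below is an added example, not part of the thread or of the UnrealIRCd project; the script name audit_owner.sh and its function names are hypothetical, and the directory and user are values you supply.

```shell
#!/bin/sh
# Added example (not from the thread): list files under an IRCd tree whose
# owner is not the account the IRCd runs as, e.g. after a patch run as root.

# Map a user name or numeric uid to a uid. Fails for an unknown name so that
# a typo is not mistaken for "nothing to fix".
resolve_uid() {
    case $1 in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null ;;
        *)           printf '%s\n' "$1" ;;
    esac
}

# Print every path under directory $1 that is not owned by uid $2.
list_foreign_owned() {
    find "$1" ! -user "$2" -print
}

# Number of such paths, as a bare integer.
count_foreign_owned() {
    list_foreign_owned "$1" "$2" | wc -l | tr -d ' '
}

# Report on tree $1 for owner $2. Returns 0 when every path belongs to the
# owner, 1 when ownership is mixed, 2 when the owner cannot be resolved.
audit_tree() {
    uid=$(resolve_uid "$2") || { echo "unknown user: $2" >&2; return 2; }
    n=$(count_foreign_owned "$1" "$uid")
    if [ "$n" -gt 0 ]; then
        echo "$n path(s) under $1 are not owned by $2 (uid $uid):"
        list_foreign_owned "$1" "$uid" | sed 's/^/  /'
        return 1
    fi
    echo "all paths under $1 are owned by $2 (uid $uid)"
}

# Usage: sh audit_owner.sh /path/to/unrealircd nameofircuser
# (both arguments are your own values; nothing runs without them)
if [ "$#" -ge 2 ]; then
    audit_tree "$1" "$2"
fi
```

Running it read-only as the IRC user first shows exactly which files root touched, so the chown can be limited to the IRCd directory instead of the whole home directory.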
