A serious issue has been found in the Windows SSL versions of UnrealIRCd 3.2.9 and 3.2.10-rc1. This issue allows someone to remotely crash the server.
Admins of affected systems should upgrade immediately.
Note that only Windows versions with SSL support are affected.
==[ AFFECTED VERSIONS ]==
* 3.2.9 on Windows with SSL support
* 3.2.10-rc1 on Windows with SSL support
* 3.2.9 and 3.2.10-rc1 on *NIX (Linux, FreeBSD, ..)
* 3.2.9 and 3.2.10-rc1 on Windows without SSL support
* 3.2.9-winsslfix and 3.2.10-rc1-winsslfix
* 126.96.36.199 and earlier
If you are unsure which version you are using, then follow this procedure:
Type /VERSION on IRC (on some clients you might have to type /QUOTE VERSION)
This should return a string like:
Unreal3.2.9. server.name FhinWXeOoZE
This contains the version number, the server name, and the compile flags.
You are vulnerable if ALL these three conditions are met:
* The version is 'Unreal3.2.9' or 'Unreal3.2.10-rc1'
* The compile flags contain a 'W' (this means you're on Windows)
* The compile flags contain a lower case 'e' (this means you're using the SSL version)
Fixed Windows SSL versions can be identified by having 'winsslfix' in their version name.
==[ SHOULD I UPGRADE? ]==
If you are using any of the vulnerable versions then you should upgrade immediately as this is a serious issue.
Unfortunately there are no mitigating factors: even if you don't actually use SSL, or if you have password-protected your server or hub, then you are still vulnerable to this particular attack.
==[ FIXED VERSIONS ]==
New Windows SSL versions are available from:
There's no update for *NIX or the non-SSL Windows version, as these are safe and thus do not require any update.
==[ IMPACT ]==
This issue will result in a direct server crash.
There's no possibility to execute any code, nor is there any information disclosure.
==[ CVSS ]==
CVSS v2.0 report:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Complete
Access Vector: Network
Access Complexity: Low
CVSS Base Score: 7.8
Availability of exploit: Proof of concept code[*]
Type of fix available: Official fix
CVSS Temporal Score: 6.1
[*] Proof of concept / exploit is currently not public. This is expected to change soon after the release of this security bulletin.
==[ TIMELINE ]==
Times are in UTC
2012-11-11 19:20 Bug reported
2012-11-12 11:03 Bug confirmed by developer
2012-11-12 11:22 Bug traced, fix available
2012-11-12 13:45 Fixed versions compiled and packaged
2012-11-12 14:00 Security announcement
==[ SOURCE ]==
This advisory (and updates to it, if any) is posted to:
http://www.unrealircd.com/txt/unrealsec ... 121112.txt