bip: Multiple vulnerabilities

bip: Multiple vulnerabilities Multiple vulnerabilities in bip might allow remote unauthenticated attackers to cause a Denial of Service or possibly execute arbitrary code. bip January 30, 2012 January 30, 2012: 1 336321 400599 remote 0.8.8-r1 0.8.8-r1

bip is a multi-user IRC proxy with SSL support.

Multiple vulnerabilities have been discovered in bip:

Uli Schlachter reported that bip does not properly handle invalid data during authentication, resulting in a daemon crash (CVE-2010-3071).
Julien Tinnes reported that bip does not check the number of open file descriptors against FD_SETSIZE, resulting in a stack buffer overflow (CVE-2012-0806).

A remote attacker could exploit these vulnerabilities to execute arbitrary code with the privileges of the user running the bip daemon, or cause a Denial of Service condition.

There is no known workaround at this time.

All bip users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=net-irc/bip-0.8.8-r1"

NOTE: The CVE-2010-3071 flaw was already corrected in an earlier version of bip and is included in this advisory for completeness.

CVE-2010-3071 CVE-2012-0806 underling a3li