Vulnerabilities > CVE-2015-2779 - Resource Management Errors vulnerability in Quassel-Irc Quassel

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

quassel-irc

CWE-399

nessus

NVD

Published: 2015-04-10

Updated: 2016-12-03

Summary

Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage.

Vulnerable Configurations

Part	Description	Count
Application	Quassel-Irc Quassel IRC Quassel 0.1.0 Quassel IRC Quassel 0.2.0 Quassel IRC Quassel 0.3.0 Quassel IRC Quassel 0.3.0.1 Quassel IRC Quassel 0.3.0.2 Quassel IRC Quassel 0.3.0.3 Quassel IRC Quassel 0.3.1 Quassel IRC Quassel 0.4.0 Quassel IRC Quassel 0.4.1 Quassel IRC Quassel 0.4.2 Quassel IRC Quassel 0.4.3 Quassel IRC Quassel 0.5 Quassel IRC Quassel 0.5.0 Quassel IRC Quassel 0.5.1 Quassel IRC Quassel 0.5.2 Quassel IRC Quassel 0.6 Quassel IRC Quassel 0.6.0 Quassel IRC Quassel 0.6.1 Quassel IRC Quassel 0.6.2 Quassel IRC Quassel 0.6.3 Quassel IRC Quassel 0.7 Quassel IRC Quassel 0.7.0 Quassel IRC Quassel 0.7.1 Quassel IRC Quassel 0.7.2 Quassel IRC Quassel 0.7.3 Quassel IRC Quassel 0.7.4 Quassel IRC Quassel 0.8 Quassel IRC Quassel 0.8.0 Quassel IRC Quassel 0.9 Quassel IRC Quassel 0.9.0 Quassel IRC Quassel 0.9.1 Quassel IRC Quassel 0.9.2 Quassel IRC Quassel 0.9.3 Quassel IRC Quassel 0.10 Quassel IRC Quassel 0.10.0 Quassel IRC Quassel 0.10.1 Quassel IRC Quassel 0.11 Quassel IRC Quassel 0.11.0	56

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2015-4689.NASL
description	Security fix BZ1205130 - patch for CTCP Denial of Service New upstream release of Quassel IRC Client Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2015-08-04
plugin id	85185
published	2015-08-04
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/85185
title	Fedora 21 : quassel-0.11.0-2.fc21 (2015-4689)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-4689. # include("compat.inc"); if (description) { script_id(85185); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-2779"); script_xref(name:"FEDORA", value:"2015-4689"); script_name(english:"Fedora 21 : quassel-0.11.0-2.fc21 (2015-4689)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix BZ1205130 - patch for CTCP Denial of Service New upstream release of Quassel IRC Client Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1205130" ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163054.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?05292685" ); script_set_attribute( attribute:"solution", value:"Update the affected quassel package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:quassel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^21([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC21", reference:"quassel-0.11.0-2.fc21")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "quassel"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-294.NASL
description	The IRC client quassel was updated to fix two security issues. The following vulnerabilities were fixed : - quassel could crash when receiving an overlength CTCP query containing only multibyte characters (bnc#924930 CVE-2015-2778) - quassel could incorrectly split a message in the middle of a multibyte character, leading to DoS (bnc#924933 CVE-2015-2779)
last seen	2020-06-05
modified	2015-04-09
plugin id	82652
published	2015-04-09
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/82652
title	openSUSE Security Update : quassel (openSUSE-2015-294)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2015-294. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(82652); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-2778", "CVE-2015-2779"); script_name(english:"openSUSE Security Update : quassel (openSUSE-2015-294)"); script_summary(english:"Check for the openSUSE-2015-294 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "The IRC client quassel was updated to fix two security issues. The following vulnerabilities were fixed : - quassel could crash when receiving an overlength CTCP query containing only multibyte characters (bnc#924930 CVE-2015-2778) - quassel could incorrectly split a message in the middle of a multibyte character, leading to DoS (bnc#924933 CVE-2015-2779)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=924930" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=924933" ); script_set_attribute( attribute:"solution", value:"Update the affected quassel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-core-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-mono"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-mono-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"patch_publication_date", value:"2015/04/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.1\|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.1", reference:"quassel-base-0.9.2-19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"quassel-client-0.9.2-19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"quassel-client-debuginfo-0.9.2-19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"quassel-core-0.9.2-19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"quassel-core-debuginfo-0.9.2-19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"quassel-debugsource-0.9.2-19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"quassel-mono-0.9.2-19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"quassel-mono-debuginfo-0.9.2-19.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"quassel-base-0.10.0-3.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"quassel-client-0.10.0-3.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"quassel-client-debuginfo-0.10.0-3.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"quassel-core-0.10.0-3.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"quassel-core-debuginfo-0.10.0-3.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"quassel-debugsource-0.10.0-3.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"quassel-mono-0.10.0-3.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"quassel-mono-debuginfo-0.10.0-3.7.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "quassel-base / quassel-client / quassel-client-debuginfo / etc"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2015-4531.NASL
description	Security fix BZ1205130 - patch for CTCP Denial of Service Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2015-05-27
plugin id	83821
published	2015-05-27
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/83821
title	Fedora 22 : quassel-0.11.0-2.fc22 (2015-4531)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-4531. # include("compat.inc"); if (description) { script_id(83821); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-2779"); script_xref(name:"FEDORA", value:"2015-4531"); script_name(english:"Fedora 22 : quassel-0.11.0-2.fc22 (2015-4531)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix BZ1205130 - patch for CTCP Denial of Service Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1205130" ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158666.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4c2de647" ); script_set_attribute( attribute:"solution", value:"Update the affected quassel package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:quassel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^22([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC22", reference:"quassel-0.11.0-2.fc22")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "quassel"); }

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References