Bug 856833 (CVE-2011-5268) - CVE-2011-5268: [server:irc] bip: remote dos via failed ssl connects
Summary: CVE-2011-5268: [server:irc] bip: remote dos via failed ssl connects
Status: RESOLVED WONTFIX
Alias: CVE-2011-5268
Product: openSUSE.org
Classification: openSUSE
Component: 3rd party software (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Normal (vote)
Target Milestone: ---
Assignee: Bogdano Arendartchuk
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-12-27 08:57 UTC by Marcus Meissner
Modified: 2016-11-22 10:23 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2013-12-27 08:57:38 UTC 
CVE-2011-5268

connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes....

References:
https://projects.duckcorp.org/versions/13
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5268
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5268
Comment 1 Johannes Segitz 2015-04-01 12:03:12 UTC 
still open
Comment 2 Andreas Stieger 2015-10-26 16:14:56 UTC 
Ping. Bug remains open. Not in an openSUSE or SLE release, move to 3rd party software component.
Comment 3 Bogdano Arendartchuk 2016-11-22 10:23:47 UTC 
As I'm not maintaining it anymore, I have deleted the package from server:irc.