Conversation

Notices

1. kaniini (kaniini@mastodon.dereferenced.org)'s status on Friday, 02-Feb-2018 16:00:37 EST kaniini

   since the "new atheme" idiots are busy playing serious business security embargo games, I figured out the vulnerability for the rest of us.

   they completely fucked up their mitigation of CVE-2016-4478, making it entirely pointless because THEY DID NOT UNDERSTAND PASCAL STRINGS ARE NOT THE SAME AS C STRINGS (good job guys, maximum security here)

   full analysis here:
   https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e#r27301897

   IF YOU ARE RUNNING ATHEME CLOSE THE XMLRPC EXPOSURE BECAUSE THESE GUYS ARE TRUE MORONS THAT IS ALL

   or consider rm'ing your ircd, that also works well.

   1. kaniini (kaniini@mastodon.dereferenced.org)'s status on Friday, 02-Feb-2018 16:05:49 EST kaniini

      in reply to

      i gotta give them bonus points for swapping a memcpy with strncpy which was entirely pointless because both will happily crash you if there is no scratch buffer remaining.

      AND THEN THEY JUST PUT A NUL IN THE PASCAL STRING

      fuck it, y'all are on your own with this one.

      ARGH WHAT THE FUCKING FUCK

      the incompetence is really triggering me over here

      1. kaniini (kaniini@mastodon.dereferenced.org)'s status on Friday, 02-Feb-2018 16:08:05 EST kaniini

         in reply to

         BUT KANIINI, STRNCPY WILL STOP COPYING AT XMLRPC_BUFSIZE. YES, SO WILL MEMCMP.

         NEITHER WILL TERMINATE THE BUFFER, AND BOTH WILL LEAK PRIVATE DATA FROM THE PASCAL STRING WHICH EXPOSES, AMONGST OTHER THINGS, A VTABLE.

         FHIUEWHIUFR@FHIUFIUFHIUFWHIUFWHIUFWHIUFWHIUFWHIUDFWHIUDFRHIUDFWHIUFWHIUDFHIUDFWHIUFHIUFFW

         I SHOULD HAVE LISTENED TO DIANORA WHEN I WAS YOUNG AND RAN THE FUCK AWAY FROM THIS SHIT

   2. Diane Bruce (dianora@octodon.social)'s status on Friday, 02-Feb-2018 16:07:27 EST Diane Bruce

      in reply to

      @kaniini Yes IRC sucks.