Ubuntu irssi 0.8.12-4ubuntu2
Kees Cook
kees at ubuntu.com
Mon Oct 13 21:18:49 BST 2008
On Sun, Oct 12, 2008 at 12:19:16PM +0100, Matt Zimmerman wrote:
> On Wed, Oct 08, 2008 at 04:15:27PM +0200, Gerfried Fuchs wrote:
> > Thanks for the (indirect because of my Debian PTS derivatives
> > subscription - direct would have been much more appreciated) notification
> > about this router bug:
>
> I haven't seen a response on ubuntu-devel yet, so I'm CCing the person who
> actually uploaded this change (does this information not make it to the
> PTS?) for comment.
>
> I'm also copying the security team, as there's no CVE reference here and I
> can't tell whether there's a more general issue which needs to be addressed.

As mentioned, all the problems are caused by over-sensitive NAT and
anti-malware firmware. The CVEs for the DCC/NAT dropping are:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1068

While it is important that the affected users fix their gateways, it's
not entirely unreasonable that our default shipped configurations be
designed to work around the problem where possible.

> > -) Isn't switching it per default for all users probably causing more
> > troubles for firewall admins and similar than it solves? How common are
> > these buggy routers?

I would arbitrarily assume that if someone is behind a firewall that
blocks port 8001, they're behind a firewall that blocks 6667 as well.
Regardless, if this change in default configuration helps the IRC Ops
and doesn't introduce connection regressions, it seems like a good idea.

-Kees
--
Kees Cook
Ubuntu Security Team
--
ubuntu-devel mailing list
ubuntu-devel at lists.ubuntu.com