irssi Use after free SASL Vulnerability
This exploit of the day is very exciting: it affects a chat client that has been actively used since its release in 1999! The vulnerability affects SASL (Simple Authentication and Security Layer) authentication.
This applies if you are running an irssi version lower than 1.2.1 (check with human@computer:~$ irssi -v).
If you have a long-running instance of irssi, you will need to restart your session:
- upgrade the irssi package
- in irssi run /upgrade, this will load the new patched binary
- reconnect to the IRC server
Git code patch
The solution was to validate the SASL requests better.
g_free_not_null(ircconn->usermode); g_free_not_null(ircconn->alternate_nick); g_free_not_null(ircconn->sasl_username); g_free_not_null(ircconn->sasl_password); } rec->sasl_username = g_strdup(src->sasl_username); rec->sasl_password = g_strdup(src->sasl_password);
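Review bot: after g_free_not_null(ircconn->sasl_username) and g_free_not_null(ircconn->sasl_password) the two pointers still hold the freed addresses. Unless ircconn itself is released right after this block (not visible in these lines), set them to NULL so a later access fails cleanly instead of reading freed memory. The g_strdup() copies into rec->sasl_username and rec->sasl_password give rec its own strings, so freeing one record's strings cannot invalidate the other's. A one-line comment stating that rec owns its copies would keep a later change from going back to sharing src's pointers. It is also worth confirming that every other path that copies a connection record duplicates these two fields the same way.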
Git commit 5a67b983dc97caeb5df1139aabd0bc4f260a47d8