oss-sec mailing list archives
Re: CVE Request: inspircd
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 23 Apr 2008 12:12:08 -0400 (EDT)
On Tue, 22 Apr 2008, Micah Anderson wrote:
Versions prior to 1.1.17 of InspIRCd are vulnerable to a remotely triggerable buffer overflow which can lead to a Denial of Service (daemon crash) when the namesx and uhnames modules are loaded.
The reference you pointed to is for a fix in 1.1.18, which suggests that 1.1.17 is vulnerable.

Thanks for the clarification of the issue - the vendor's post only alluded to "security" with no additional details, which left a lot of vuln DBs guessing.

- Steve

======================================================
Name: CVE-2008-1925
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1925
Reference: MISC:http://www.inspircd.org/bugtrack/view_bug.php?bug_id=438
Reference: CONFIRM:http://www.inspircd.org/forum/showthread.php?t=2945
Reference: MLIST:[oss-security] 20080422 CVE Request: inspircd
Reference: URL:http://www.openwall.com/lists/oss-security/2008/04/22/3
Reference: FRSIRT:ADV-2008-1041
Reference: URL:http://www.frsirt.com/english/advisories/2008/1041/references
Reference: SECUNIA:29610
Reference: URL:http://secunia.com/advisories/29610

Buffer overflow in InspIRCd before 1.1.18, when using the namesx and uhnames modules, allows remote attackers to cause a denial of service (daemon crash) via a large number of channel users with crafted nicknames, idents, and long hostnames.