oss-sec mailing list archives
Re: CVE Request: inspircd
From: security curmudgeon <jericho () attrition org>
Date: Wed, 23 Apr 2008 18:28:00 +0000 (UTC)
: > Versions prior to 1.1.17 of InspIRCd are vulnerable to a remotely
: > triggerable buffer overflow which can lead to a Denial of Service
: > (daemon crash) when the namesx and uhnames modules are loaded.
:
: The reference you pointed to is for a fix in 1.1.18, which suggests that
: 1.1.17 is vulnerable.
:
: Thanks for the clarification of the issue - the vendor's post only
: alluded to "security" with no additional details, which left a lot of
: vuln DBs guessing.

: Name: CVE-2008-1925

This is OSVDB 43926.

A few weeks back, I dug into their changelogs and found a considerable
amount of other vulnerabilities. Not sure how retro you want to go but the
following may need CVEs at some point:

43977 2007-07-30 InspIRCd w/o m_safelist Secret Channel Disclosure
43976 2007-07-21 InspIRCd MAXBUF Unspecified Overflow
43975 2007-07-21 InspIRCd Stripcolor Unspecified Security Issue
43948 2007-03-13 InspIRCd Server-to-server Malformed NICK Remote DoS
43947 2007-01-20 InspIRCd Unspecified Temp File Symlink Issue
43946 2006-11-12 InspIRCd Multiple Unspecified Overflows
43945 2006-07-29 InspIRCd m_timedbans.so Unspecified Issue
43942 2006-07-04 InspIRCd IP Packet Handling Oper Flood Remote DoS
43943 2006-07-04 InspIRCd Multiple Unspecified TCP Binding Handling Issues
43939 2006-02-19 InspIRCd cmd_modules Unspecified Overflow
43938 2005-05-27 InspIRCd Installation Binary Permission Weakness
43936 2005-04-09 InspIRCd MODE / TOPIC Commands Unspecified Issue
43937 2005-04-09 InspIRCd Linking Server Password Validation Failure