GLSA Advocate
Posted: Sun Jan 27, 2008 7:26 pm Post subject: [ GLSA 200801-13 ] ngIRCd: Denial of Service
Gentoo Linux Security Advisory
Title: ngIRCd: Denial of Service (GLSA 200801-13)
Severity: normal
Exploitable: remote
Date: January 27, 2008
Bug(s): #204834
ID: 200801-13
Synopsis
ngIRCd does not properly sanitize commands sent by users, allowing for a
Denial of Service.
Background
ngIRCd is a free open source daemon for Internet Relay Chat (IRC).
Affected Packages
Package: net-irc/ngircd
Vulnerable: < 0.10.4
Unaffected: >= 0.10.4
Architectures: All supported architectures
Description
The IRC_PART() function in the file irc-channel.c does not properly
check the number of parameters, referencing an invalid pointer if no
channel is supplied.
Impact
A remote attacker can exploit this vulnerability to crash the ngIRCd
daemon.
Workaround
There is no known workaround at this time.
Resolution
All ngIRCd users should upgrade to the latest version:
Code:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-irc/ngircd-0.10.4"
References
CVE-2008-0285
Last edited by GLSA on Tue May 24, 2011 4:26 am; edited 4 times in total
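An added example, not part of the advisory and not ngIRCd's own code: a simplified C model of the flaw class in the Description, where a PART handler has to check the parameter count before it reads the channel argument. The `request` structure and the functions `parse_line`, `handle_part` and `process_line` are hypothetical names, and the invalid pointer is modelled here as NULL; 461 and 421 are the standard IRC numerics ERR_NEEDMOREPARAMS and ERR_UNKNOWNCOMMAND.

```c
#include <stdio.h>
#include <string.h>
#define MAX_PARAMS 15            /* parameter limit per message (RFC 2812) */
#define ERR_UNKNOWNCOMMAND 421   /* standard IRC numeric replies */
#define ERR_NEEDMOREPARAMS 461

/* Simplified request model (assumption, not ngIRCd's own structure). */
struct request { char *command; int argc; char *argv[MAX_PARAMS]; };

/* Split one IRC line in place; argv[] entries at index >= argc stay NULL. */
static void parse_line(char *p, struct request *req)
{
    memset(req, 0, sizeof(*req));
    req->command = p;
    while (*p && *p != ' ') p++;
    while (req->argc < MAX_PARAMS && *p) {
        *p++ = '\0';                          /* terminate previous token */
        while (*p == ' ') p++;
        if (*p == '\0') break;                /* only trailing spaces left */
        if (*p == ':') { req->argv[req->argc++] = p + 1; break; }
        req->argv[req->argc++] = p;
        while (*p && *p != ' ') p++;
    }
}

/* PART <channels> [<message>]: the argc test runs before argv[0] is read.
   Without it, a bare "PART" reaches strtok() with argv[0] == NULL. */
static int handle_part(struct request *req, int *channels)
{
    if (req->argc < 1)
        return ERR_NEEDMOREPARAMS;
    for (char *c = strtok(req->argv[0], ","); c; c = strtok(NULL, ","))
        (*channels)++;
    return 0;
}

/* Returns 0 or the numeric to send back; *channels = names in the list. */
int process_line(const char *raw, int *channels)
{
    char buf[512];
    struct request req;
    *channels = 0;
    snprintf(buf, sizeof(buf), "%s", raw);    /* work on a private copy */
    parse_line(buf, &req);
    return strcmp(req.command, "PART") ? ERR_UNKNOWNCOMMAND : handle_part(&req, channels);
}

int main(void)
{
    const char *lines[] = { "PART", "PART #a,#b :bye all" };  /* constructed */
    for (int i = 0, n; i < 2; i++)
        printf("%-20s -> %d\n", lines[i], process_line(lines[i], &n));
}
```

The handler answers a parameterless PART with numeric 461 instead of dereferencing the missing argument, which is the behaviour a regression test for this class of bug should pin down.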