blob: 6bef7328296f8fef809a7bc5c59c145d2f23a3e8 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200712-12">
<title>IRC Services: Denial of Service</title>
A Denial of Service vulnerability has been reported in IRC Services.
<product type="ebuild">ircservices</product>
<announced>December 13, 2007</announced>
<revised>December 13, 2007: 01</revised>
<package name="net-irc/ircservices" auto="yes" arch="*">
<unaffected range="ge">5.0.63</unaffected>
<vulnerable range="lt">5.0.63</vulnerable>
IRC Services is a system of services to be used with Internet Relay
Chat networks.
loverboy reported that the "default_encrypt()" function in file
encrypt.c does not properly handle overly long passwords.
<impact type="normal">
A remote attacker could provide an overly long password to the
vulnerable server, resulting in a Denial of Service.
There is no known workaround at this time.
All IRC Services users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-irc/ircservices-5.0.63&quot;</code>
<uri link="">CVE-2007-6122</uri>
<metadata tag="requester" timestamp="Mon, 10 Dec 2007 21:48:10 +0000">
<metadata tag="bugReady" timestamp="Mon, 10 Dec 2007 21:51:02 +0000">
<metadata tag="submitter" timestamp="Tue, 11 Dec 2007 22:44:42 +0000">