blob: 31a95b20e1948a2eaa23c0e55994d40b97365db8 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200801-13">
<title>ngIRCd: Denial of Service</title>
ngIRCd does not properly sanitize commands sent by users, allowing for a
Denial of Service.
<product type="ebuild">ngircd</product>
<announced>January 27, 2008</announced>
<revised>January 27, 2008: 02</revised>
<package name="net-irc/ngircd" auto="yes" arch="*">
<unaffected range="ge">0.10.4</unaffected>
<vulnerable range="lt">0.10.4</vulnerable>
ngIRCd is a free open source daemon for Internet Relay Chat (IRC).
The IRC_PART() function in the file irc-channel.c does not properly
check the number of parameters, referencing an invalid pointer if no
channel is supplied.
<impact type="normal">
A remote attacker can exploit this vulnerability to crash the ngIRCd
There is no known workaround at this time.
All ngIRCd users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-irc/ngircd-0.10.4&quot;</code>
<uri link="">CVE-2008-0285</uri>
<metadata tag="requester" timestamp="Tue, 15 Jan 2008 20:42:37 +0000">
<metadata tag="submitter" timestamp="Sun, 20 Jan 2008 01:06:19 +0000">
<metadata tag="bugReady" timestamp="Sun, 20 Jan 2008 01:44:35 +0000">