Launchpad CVE tracker

CVE 2007-4408

ircu 2.10.12.05 and earlier ignores timestamps in bounces, which allows remote attackers to take over a channel during a netjoin by causing a bounce while a server with an older version of the channel is linking.

Related bugs and status

CVE-2007-4408 (Candidate) is related to these bugs:

Bug #173377: [CVE-2007-44{08,1[01]}] Various vulnerabilities in ircd-ircu before 2.10.12.06

		In	Importance	Status
173377	[CVE-2007-44{08,1[01]}] Various vulnerabilities in ircd-ircu before 2.10.12.06	ircd-ircu (Ubuntu)	Undecided	Fix Released
173377	[CVE-2007-44{08,1[01]}] Various vulnerabilities in ircd-ircu before 2.10.12.06	ircd-ircu (Ubuntu Dapper)	Undecided	Won't Fix
173377	[CVE-2007-44{08,1[01]}] Various vulnerabilities in ircd-ircu before 2.10.12.06	ircd-ircu (Ubuntu Edgy)	Undecided	Won't Fix
173377	[CVE-2007-44{08,1[01]}] Various vulnerabilities in ircd-ircu before 2.10.12.06	ircd-ircu (Ubuntu Feisty)	Undecided	Won't Fix
173377	[CVE-2007-44{08,1[01]}] Various vulnerabilities in ircd-ircu before 2.10.12.06	ircd-ircu (Ubuntu Gutsy)	Undecided	Won't Fix
173377	[CVE-2007-44{08,1[01]}] Various vulnerabilities in ircd-ircu before 2.10.12.06	ircd-ircu (Ubuntu Hardy)	Undecided	Fix Released
173377	[CVE-2007-44{08,1[01]}] Various vulnerabilities in ircd-ircu before 2.10.12.06	ircd-ircu (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-4408

References