[CVE-2007-6062] Denial of service via JOIN command without channel
Bug #173164 reported by
William Grant
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ngircd (Debian) |
Fix Released
|
Unknown
|
|||
ngircd (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Dapper |
Invalid
|
Undecided
|
William Grant | ||
Edgy |
Invalid
|
Undecided
|
William Grant | ||
Feisty |
Fix Released
|
Undecided
|
William Grant | ||
Gutsy |
Fix Released
|
Undecided
|
William Grant | ||
Hardy |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: ngircd
irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause a denial of service (crash) via a JOIN command without a channel argument.
Hardy already has 0.10.3.
CVE References
Changed in ngircd: | |
assignee: | nobody → fujitsu |
status: | New → In Progress |
assignee: | nobody → fujitsu |
status: | New → In Progress |
assignee: | nobody → fujitsu |
status: | New → In Progress |
assignee: | nobody → fujitsu |
status: | New → In Progress |
status: | New → Fix Released |
Changed in ngircd: | |
status: | Unknown → New |
Changed in ngircd: | |
status: | New → Fix Released |
To post a comment you must log in.
Dapper and Edgy have extra checks that must have been removed in 0.10.0; they're not vulnerable.