Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18658
HistoryDec 16, 2007 - 12:00 a.m.

[ GLSA 200712-12 ] IRC Services: Denial of Service

2007-12-1600:00:00
vulners.com
6
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gentoo Linux Security Advisory GLSA 200712-12

                                        http://security.gentoo.org/

Severity: Normal
Title: IRC Services: Denial of Service
Date: December 13, 2007
Bugs: #199897
ID: 200712-12

Synopsis

A Denial of Service vulnerability has been reported in IRC Services.

Background

IRC Services is a system of services to be used with Internet Relay
Chat networks.

Affected packages

-------------------------------------------------------------------
 Package              /  Vulnerable  /                  Unaffected
-------------------------------------------------------------------

1 net-irc/ircservices < 5.0.63 >= 5.0.63

Description

loverboy reported that the "default_encrypt()" function in file
encrypt.c does not properly handle overly long passwords.

Impact

A remote attacker could provide an overly long password to the
vulnerable server, resulting in a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All IRC Services users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-irc/ircservices-5.0.63&quot;

References

[ 1 ] CVE-2007-6122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6122

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200712-12.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHYZqouhJ+ozIKI5gRAkXqAJ9LYt2SRQXKMWQzU3qqiElskVIWUACfYBlP
JZCdn8HJrEfWKnlXVM4WkmM=
=ANC3
-----END PGP SIGNATURE-----

Related

prion 1
cve 1
openvas 4
gentoo 1
securityvulns 1
nessus 2
freebsd 1
prion
prion
Information disclosure
2007-11-26 22:46:00
cve
cve
CVE-2007-6122
2007-11-26 22:46:00
openvas
openvas
Gentoo Security Advisory GLSA 200712-12 (ircservices)
2008-09-24 00:00:00
FreeBSD Ports: ircservices
2008-09-04 00:00:00
FreeBSD Ports: ircservices
2008-09-04 00:00:00
gentoo
gentoo
IRC Services: Denial of service
2007-12-13 00:00:00
securityvulns
securityvulns
IRC Services DoS
2007-12-16 00:00:00
nessus
nessus
FreeBSD : IRC Services-- Denial of Service Vulnerability (e5a9de5f-c6bc-11dc-b9f1-00a0cce0781e)
2008-01-21 00:00:00
GLSA-200712-12 : IRC Services: Denial of Service
2007-12-17 00:00:00
freebsd
freebsd
IRC Services-- Denial of Service Vulnerability
2007-11-21 00:00:00
JSON
Related for SECURITYVULNS:DOC:18658
prion1cve1openvas4gentoo1securityvulns1nessus2freebsd1