CVE-2004-0605 - Configuration vulnerability in multiple products
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ircd-ratbox 1.5.1 and earlier, or (3) ircd-ratbox 2.0rc6 and earlier do not have a rate-limit imposed, which could allow remote attackers to cause a denial of service by repeatedly making requests, which are slowly dequeued.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | ircd-hybrid 7.0.1, ircd-ratbox 1.5.1/2.0 Socket Dequeuing Denial of Service Vulnerability. CVE-2004-0605. DoS exploit for Linux platform |
id | EDB-ID:24222 |
last seen | 2016-02-02 |
modified | 2004-06-19 |
published | 2004-06-19 |
reporter | Erik Sperling Johansen |
source | https://www.exploit-db.com/download/24222/ |
title | ircd-hybrid 7.0.1,ircd-ratbox 1.5.1/2.0 - Socket Dequeuing Denial of Service Vulnerability |
Nessus
NASL family | Denial of Service |
NASL id | IRCD_RATE_LIMITING.NASL |
description | The remote host is running a version of ircd which is vulnerable to a rate-limiting Denial of Service (DoS) attack. The flaw is in the fact that the IRCD daemon reserves more than 500 bytes of memory for each line received. An attacker, exploiting this flaw, would need network access to the IRC server. A successful attack would render the IRC daemon, and possibly the entire system, unusable. The following IRC daemons are known to be vulnerable: IRCD-Hybrid ircd-hybrid 7.0.1; ircd-ratbox ircd-ratbox 1.5.1; ircd-ratbox ircd-ratbox 2.0 rc6 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14253 |
published | 2004-08-10 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14253 |
title | Multiple IRC Client Non-registered User parse_client_queued Saturation DoS |