Vulnerabilities > CVE-2008-0285 - Denial Of Service vulnerability in ngIRCd PART Command Parsing
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Gentoo Local Security Checks |
| NASL id | GENTOO_GLSA-200801-13.NASL |
| description | The remote host is affected by the vulnerability described in GLSA-200801-13 (ngIRCd: Denial of Service) The IRC_PART() function in the file irc-channel.c does not properly check the number of parameters, referencing an invalid pointer if no channel is supplied. Impact : A remote attacker can exploit this vulnerability to crash the ngIRCd daemon. Workaround : There is no known workaround at this time. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 30118 |
| published | 2008-01-29 |
| reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/30118 |
| title | GLSA-200801-13 : ngIRCd: Denial of Service |
References
- http://arthur.barton.de/cgi-bin/viewcvs.cgi/ngircd/ngircd/src/ngircd/irc-channel.c?r1=1.40&r2=1.41&diff_format=h
- http://bugs.gentoo.org/show_bug.cgi?id=204834
- http://ngircd.barton.de/doc/ChangeLog
- http://secunia.com/advisories/28425
- http://secunia.com/advisories/28673
- http://security.gentoo.org/glsa/glsa-200801-13.xml
- http://www.securityfocus.com/bid/27318