CVE-2009-4016 - Numeric Errors vulnerability in multiple products

CVSS 6.8 - MEDIUM
  • Attack vector: NETWORK
  • Attack complexity: MEDIUM
  • Privileges required: NONE
  • Confidentiality impact: PARTIAL
  • Integrity impact: PARTIAL
  • Availability impact: PARTIAL

Summary

Integer underflow in the clean_string function in irc_string.c in (1) IRCD-hybrid 7.2.2 and 7.2.3, (2) ircd-ratbox before 2.2.9, and (3) oftc-hybrid before 1.6.8, when flatten_links is disabled, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a LINKS command.

Vulnerable Configurations

Part         Description  Count
Application  Ircd-Hybrid  2
Application  Ircd-Ratbox  54
Application  Oftc         18

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1980.NASL
    description: David Leadbeater discovered an integer underflow that could be triggered via the LINKS command and can lead to a denial of service or the execution of arbitrary code (CVE-2009-4016). This issue affects both ircd-hybrid and ircd-ratbox. It was discovered that the ratbox IRC server is prone to a denial of service attack via the HELP command. The ircd-hybrid package is not vulnerable to this issue (CVE-2010-0300).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 44844
    published: 2010-02-24
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/44844
    title: Debian DSA-1980-1 : ircd-hybrid/ircd-ratbox - integer underflow/denial of service
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_192609C80C5111DF82A000248C9B4BE7.NASL
    description: SecurityFocus reports: The first affects the /quote HELP module and allows a user to trigger an IRCD crash on some platforms. The second affects the /links processing module when the flatten_links configuration option is not enabled.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 44333
    published: 2010-01-29
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/44333
    title: FreeBSD : irc-ratbox -- multiple vulnerabilities (192609c8-0c51-11df-82a0-00248c9b4be7)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-9312.NASL
    description: Two vulnerabilities were reported in ircd-hybrid, ircd-ratbox, and oftc-hybrid. The first is an integer overflow that can lead to a denial of service or, possibly, the execution of arbitrary code on the ircd server (CVE-2009-4016 (patch [1])), the second is a NULL pointer dereference that can lead to a denial of service of the ircd server (CVE-2010-0300 (patch [2])). This has been corrected in upstream ircd-ratbox 2.2.9 [3]. CVE-2010-0300 may be ircd-ratbox specific, however CVE-2009-4016 affects both ircd servers.
      [1] http://ircd.ratbox.org/cgi-bin/index.cgi/ircd-ratbox/branches/RATBOX_3_0/src/cache.c?r1=26334&r2=26732
      [2] http://trac.oftc.net/projects/oftc-hybrid/changeset/1062
      [3] http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47529
    published: 2010-07-01
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/47529
    title: Fedora 12 : ircd-hybrid-7.2.3-11.fc12 / ircd-ratbox-2.2.8-7.fc12 (2010-9312)