Vulnerabilities > CVE-2010-0300 - Unspecified vulnerability in Ircd-Ratbox
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN ircd-ratbox
nessus
Summary
cache.c in ircd-ratbox before 2.2.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a HELP command.
Vulnerable Configurations
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1980.NASL description David Leadbeater discovered an integer underflow that could be triggered via the LINKS command and can lead to a denial of service or the execution of arbitrary code (CVE-2009-4016 ). This issue affects both, ircd-hybrid and ircd-ratbox. It was discovered that the ratbox IRC server is prone to a denial of service attack via the HELP command. The ircd-hybrid package is not vulnerable to this issue (CVE-2010-0300 ). last seen 2020-06-01 modified 2020-06-02 plugin id 44844 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44844 title Debian DSA-1980-1 : ircd-hybrid/ircd-ratbox - integer underflow/denial of service NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_192609C80C5111DF82A000248C9B4BE7.NASL description SecurityFocus reports : The first affects the /quote HELP module and allows a user to trigger an IRCD crash on some platforms. The second affects the /links processing module when the flatten_links configuration option is not enabled. last seen 2020-06-01 modified 2020-06-02 plugin id 44333 published 2010-01-29 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44333 title FreeBSD : irc-ratbox -- multiple vulnerabilities (192609c8-0c51-11df-82a0-00248c9b4be7) NASL family Fedora Local Security Checks NASL id FEDORA_2010-9312.NASL description Two vulnerabilities were reported in ircd-hybrid, ircd-ratbox, and oftc-hybrid. The first is an integer overflow that can lead to a denial of service or, possibly, the execution of arbitrary code on the ircd server (CVE-2009-4016 (patch [1])), the second is a NULL pointer dereference that can lead to a denial of service of the ircd server (CVE-2010-0300 (patch [2])). This has been corrected in upstream ircd-ratbox 2.2.9 [3]. CVE-2010-0300 may be ircd- ratbox specific, however CVE-2009-4016 affects both ircd servers. [1] http://ircd.ratbox.org/cgi-bin/index.cgi/ircd- ratbox/branches/RATBOX_3_0/src/cache.c?r1=26334&r2=26732 [2] http://trac.oftc.net/projects/oftc-hybrid/changeset/1062 [3] http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47529 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47529 title Fedora 12 : ircd-hybrid-7.2.3-11.fc12 / ircd-ratbox-2.2.8-7.fc12 (2010-9312)
References
- http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html
- http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html
- http://secunia.com/advisories/38210
- http://secunia.com/advisories/38210
- http://secunia.com/advisories/38383
- http://secunia.com/advisories/38383
- http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1.diff.gz
- http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1.diff.gz
- http://www.debian.org/security/2010/dsa-1980
- http://www.debian.org/security/2010/dsa-1980