CVE-2010-0300 - Unspecified vulnerability in Ircd-Ratbox

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL

Summary

cache.c in ircd-ratbox before 2.2.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a HELP command. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

Vulnerable Configurations

Part          Description    Count
Application   Ircd-Ratbox    55

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1980.NASL
    description: David Leadbeater discovered an integer underflow that could be triggered via the LINKS command and can lead to a denial of service or the execution of arbitrary code (CVE-2009-4016). This issue affects both ircd-hybrid and ircd-ratbox. It was discovered that the ratbox IRC server is prone to a denial of service attack via the HELP command. The ircd-hybrid package is not vulnerable to this issue (CVE-2010-0300).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 44844
    published: 2010-02-24
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/44844
    title: Debian DSA-1980-1 : ircd-hybrid/ircd-ratbox - integer underflow/denial of service
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_192609C80C5111DF82A000248C9B4BE7.NASL
    description: SecurityFocus reports: The first affects the /quote HELP module and allows a user to trigger an IRCD crash on some platforms. The second affects the /links processing module when the flatten_links configuration option is not enabled.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 44333
    published: 2010-01-29
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/44333
    title: FreeBSD : irc-ratbox -- multiple vulnerabilities (192609c8-0c51-11df-82a0-00248c9b4be7)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-9312.NASL
    description: Two vulnerabilities were reported in ircd-hybrid, ircd-ratbox, and oftc-hybrid. The first is an integer overflow that can lead to a denial of service or, possibly, the execution of arbitrary code on the ircd server (CVE-2009-4016 (patch [1])), the second is a NULL pointer dereference that can lead to a denial of service of the ircd server (CVE-2010-0300 (patch [2])). This has been corrected in upstream ircd-ratbox 2.2.9 [3]. CVE-2010-0300 may be ircd-ratbox specific, however CVE-2009-4016 affects both ircd servers.
      [1] http://ircd.ratbox.org/cgi-bin/index.cgi/ircd-ratbox/branches/RATBOX_3_0/src/cache.c?r1=26334&r2=26732
      [2] http://trac.oftc.net/projects/oftc-hybrid/changeset/1062
      [3] http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47529
    published: 2010-07-01
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/47529
    title: Fedora 12 : ircd-hybrid-7.2.3-11.fc12 / ircd-ratbox-2.2.8-7.fc12 (2010-9312)