Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date:  Wed, 23 Apr 2008 19:46:11 -0400
From:  Micah Anderson <micah@...eup.net>
To: oss-security@...ts.openwall.com
Subject:  Re: CVE Request: inspircd

"Steven M. Christey" <coley@...us.mitre.org>
writes:

> On Tue, 22 Apr 2008, Micah Anderson wrote:
>
>>
>> Versions prior to 1.1.17 of InspIRCd are vulnerable to a remotely
>> triggerable buffer overflow which can lead to a Denial of Service
>> (daemon crash) when the namesx and uhnames modules are loaded.
>
> The reference you pointed to is for a fix in 1.1.18, which suggests that
> 1.1.17 is vulnerable.

Sorry for the confusion, that was my mistake.

> Thanks for the clarification of the issue - the vendor's post only alluded
> to "security" with no additional details, which left a lot of vuln DBs
> guessing.

I was also guessing, thats why I sought clarification :)

Micah

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux