Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 14 Jun 2010 16:20:29 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: Josh Bressers <bressers@...hat.com>
cc: oss-security@...ts.openwall.com
Subject: Re: CVE request: UnrealIRCd 3.2.8.1 source code
 contained a backdoor allowing for remote command execution


On Mon, 14 Jun 2010, Josh Bressers wrote:

> Can you give this one a 2009 ID.

Use CVE-2009-4893

- Steve


> ----- "Alex Legler" <a3li@...too.org> wrote:
>
>> On Sat, 12 Jun 2010 19:10:48 +0200, Alex Legler <a3li@...too.org>
>> wrote:
>>
>>> [blah]
>>
>> While we're at it...
>>
>> http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt
>>
>> "A buffer in the code which handles user authorization is copied
>> without
>> sufficient length checks, causing a buffer overflow.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.