Date: Mon, 14 Jun 2010 19:10:14 +0200 From: Alex Legler <a3li@...too.org> To: oss-security@...ts.openwall.com Subject: Re: CVE request: UnrealIRCd 22.214.171.124 source code contained a backdoor allowing for remote command execution On Sat, 12 Jun 2010 19:10:48 +0200, Alex Legler <a3li@...too.org> wrote: > [blah] While we're at it... http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt "A buffer in the code which handles user authorization is copied without sufficient length checks, causing a buffer overflow. This bug happens BEFORE the user is online. In other words: even if you have a password protected server, or only allow certain ip/hosts in, and you use allow::options::noident, then this bug can still be triggered." The issue affects versions <126.96.36.199 I think this issue doesn't have a CVE yet either. (CVE-2009-*) Thanks, Alex -- Alex Legler | Gentoo Security / Ruby a3li@...too.org | a3li@...ber.ccc.de Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.