Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2002-1486
Last Modified: 05 Sep 2008 04:30:43
Published: 02 Apr 2003 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2002-1486

Summary

Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allow remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server.

Vulnerable Systems

Application

  • Cerulean Studios Trillian 0.725

  • Cerulean Studios Trillian 0.73

  • Cerulean Studios Trillian 0.74


References

BID - 5777

BUGTRAQ - 20020920 Yet Another. Trillian 'JOIN' Overflow.

BID - 5769

BID - 5765

XF - trillian-irc-server-bo(10163)

XF - trillian-raw221-bo(10151)

XF - trillian-irc-join-bo(10150)

NTBUGTRAQ - 20020914 Trillian .74 and below, ident flaw.

BUGTRAQ - 20020922 *sigh* Trillian multiple DoS

BUGTRAQ - 20020921 And Again. Trillian 'raw 221' Overflow.

NTBUGTRAQ - 20020919 Trillian .73 & .74 "PRIVMSG" Overflow.


Last Updated: 27 May 2016 10:37:21