Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4404

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2007-4404
Last Modified 15 Nov 2008 01:56:52
Published 18 Aug 2007 05:17:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4404

Summary

ircu 2.10.12.01 allows remote attackers to (1) cause a denial of service (flood wallops) by joining two channels with certain long names that differ in the final character, which triggers a protocol violation and (2) cause a denial of service (daemon crash) via a "J 0:#channel" message on a channel without an apass; and (3) allows remote authenticated operators to cause a denial of service (daemon crash) via a remote "names -D" command.

Vulnerable Systems

Application

  • Universal Ircd Ircu 2.10.12.01


References

XF - ircu-joinapass-dos(35987)

XF - ircu-channelname-dos(35986)

XF - ircu-remotenames-dos(35984)

BID - 25285

BUGTRAQ - 20070812 Multiple vulnerabilities in ircu

OSVDB - 46712

OSVDB - 46711

OSVDB - 46710

SREASON - 3031


Last Updated: 27 May 2016 10:45:50