Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4407

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2007-4407
Last Modified 15 Nov 2008 01:56:54
Published 18 Aug 2007 05:17:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4407

Summary

ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops privilege on an unused channel (zannel), which allows remote attackers to (1) set or remove certain channel modes via a "netriding" attack or (2) take over a channel by joining an unlinked server with the A/Upass and then setting a new Apass.

Vulnerable Systems

Application

  • Universal Ircd Ircu 2.10.12.03

  • Universal Ircd Ircu 2.10.12.04


References

XF - ircu-timestamp-unauthorized-access(35989)

BID - 25285

BUGTRAQ - 20070812 Multiple vulnerabilities in ircu

OSVDB - 46716

SREASON - 3031


Last Updated: 27 May 2016 10:45:50