Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2012-6084
Last Modified: 02 Feb 2013 12:10:39
Published: 01 Jan 2013 10:55:02
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-6084

Summary

modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis before 3.4.2 does not properly support capability negotiation during server handshakes, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request.

Vulnerable Systems

Application

  • Ircd-ratbox 1.0

  • Ircd-ratbox 1.1.1

  • Ircd-ratbox 1.1.2

  • Ircd-ratbox 1.2.1

  • Ircd-ratbox 1.2.2

  • Ircd-ratbox 1.2.3

  • Ircd-ratbox 1.3

  • Ircd-ratbox 1.3.1

  • Ircd-ratbox 1.3.2

  • Ircd-ratbox 1.4

  • Ircd-ratbox 1.5

  • Ircd-ratbox 1.5.1

  • Ircd-ratbox 1.5.2

  • Ircd-ratbox 1.5.3

  • Ircd-ratbox 2.0.1

  • Ircd-ratbox 2.0.10

  • Ircd-ratbox 2.0.11

  • Ircd-ratbox 2.0.2

  • Ircd-ratbox 2.0.3

  • Ircd-ratbox 2.0.4

  • Ircd-ratbox 2.0.5

  • Ircd-ratbox 2.0.6

  • Ircd-ratbox 2.0.7

  • Ircd-ratbox 2.0.8

  • Ircd-ratbox 2.0.9

  • Ircd-ratbox 2.1.0

  • Ircd-ratbox 2.1.1

  • Ircd-ratbox 2.1.2

  • Ircd-ratbox 2.1.3

  • Ircd-ratbox 2.1.4

  • Ircd-ratbox 2.1.5

  • Ircd-ratbox 2.1.6

  • Ircd-ratbox 2.1.7

  • Ircd-ratbox 2.1.8

  • Ircd-ratbox 2.2.0

  • Ircd-ratbox 2.2.1

  • Ircd-ratbox 2.2.2

  • Ircd-ratbox 2.2.3

  • Ircd-ratbox 2.2.4

  • Ircd-ratbox 2.2.5

  • Ircd-ratbox 2.2.6

  • Ircd-ratbox 2.2.7

  • Ircd-ratbox 2.2.7.1

  • Ircd-ratbox 2.2.8

  • Ircd-ratbox 2.2.9

  • Ircd-ratbox 3.0.7


References

CONFIRM - https://github.com/atheme/charybdis/commit/ac0707aa61d9c20e9b09062294701567c9f41595.patch

CONFIRM - http://www.stack.nl/~jilles/irc/charybdis-3.4.2.tbz2

CONFIRM - http://www.ratbox.org/download/ircd-ratbox-3.0.8.tar.bz2

CONFIRM - http://rabbit.dereferenced.org/~nenolod/ASA-2012-12-31.txt

MLIST - [oss-security] 20130101 Re: Charybdis: Improper assumptions in the server handshake code may lead to a remote crash

DEBIAN - DSA-2612


Last Updated: 27 May 2016 11:01:30