Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:24076
HistoryJun 16, 2010 - 12:00 a.m.

[ GLSA 201006-21 ] UnrealIRCd: Multiple vulnerabilities

2010-06-1600:00:00
vulners.com
5
JSON

Gentoo Linux Security Advisory GLSA 201006-21

                                        http://security.gentoo.org/

Severity: High
Title: UnrealIRCd: Multiple vulnerabilities
Date: June 14, 2010
Bugs: #260806, #323691
ID: 201006-21

Synopsis

Multiple vulnerabilities in UnrealIRCd might allow remote attackers to
compromise the "unrealircd" account, or cause a Denial of Service.

Background

UnrealIRCd is an Internet Relay Chat (IRC) daemon.

Affected packages

-------------------------------------------------------------------
 Package             /   Vulnerable   /                 Unaffected
-------------------------------------------------------------------

1 net-irc/unrealircd < 3.2.8.1-r1 >= 3.2.8.1-r1

Description

Multiple vulnerabilities have been reported in UnrealIRCd:

  • The vendor reported a buffer overflow in the user authorization
    code.

  • The vendor reported that the distributed source code of UnrealIRCd
    was compromised and altered to include a system() call that could be
    called with arbitrary user input.

Impact

A remote attacker could exploit these vulnerabilities to cause the
execution of arbitrary commands with the privileges of the user running
UnrealIRCd, or a Denial of Service condition. NOTE: By default
UnrealIRCd on Gentoo is run with the privileges of the "unrealircd"
user.

Workaround

There is no known workaround at this time.

Resolution

All UnrealIRCd users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-irc/unrealircd-3.2.8.1-r1&quot;

References

[ 1 ] UnrealIRCd Security Advisory 20090413
http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt
[ 2 ] UnrealIRCd Security Advisory 20100612
http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201006-21.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.

License

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

JSON