Computer Security
[EN] securityvulns.ru no-pyccku


irssi multiple security vulnerabilities
Published:19.04.2010
Source:
SecurityVulns ID:10770
Type:remote
Threat Level:
5/10
Description:Insufficient SSL certificate and version validation, DoS.
Affected:IRSSI : irssi 0.8
CVE:CVE-2010-1156 (core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel.)
 CVE-2010-1155 (Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate.)
Original documentdocumentUBUNTU, [USN-929-1] irssi vulnerabilities (19.04.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod