[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security]  Re: CVE Request: inspircd
From:       Micah Anderson <micah () riseup ! net>
Date:       2008-04-23 23:46:11
Message-ID: 87k5iokud8.fsf () lillypad ! riseup ! net
[Download RAW message or body]

"Steven M. Christey" <coley@linus.mitre.org>
writes:

> On Tue, 22 Apr 2008, Micah Anderson wrote:
>
>>
>> Versions prior to 1.1.17 of InspIRCd are vulnerable to a remotely
>> triggerable buffer overflow which can lead to a Denial of Service
>> (daemon crash) when the namesx and uhnames modules are loaded.
>
> The reference you pointed to is for a fix in 1.1.18, which suggests that
> 1.1.17 is vulnerable.

Sorry for the confusion, that was my mistake.

> Thanks for the clarification of the issue - the vendor's post only alluded
> to "security" with no additional details, which left a lot of vuln DBs
> guessing.

I was also guessing, thats why I sought clarification :)

Micah

[prev in list] [next in list] [prev in thread] [next in thread]