6.8

CVE-2009-4016

Integer underflow in the clean_string function in irc_string.c in (1) IRCD-hybrid 7.2.2 and 7.2.3, (2) ircd-ratbox before 2.2.9, and (3) oftc-hybrid before 1.6.8, when flatten_links is disabled, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a LINKS command.
Data provided by the National Vulnerability Database (NVD)
Vendor Product Version
Ircd-hybrid Ircd-hybrid 7.2.2
Ircd-hybrid Ircd-hybrid 7.2.3
Ircd-ratbox Ircd-ratbox <= 2.2.8
Ircd-ratbox Ircd-ratbox 1.0
Ircd-ratbox Ircd-ratbox 1.1
Ircd-ratbox Ircd-ratbox 1.1.1
Ircd-ratbox Ircd-ratbox 1.1.2
Ircd-ratbox Ircd-ratbox 1.2.1
Ircd-ratbox Ircd-ratbox 1.2.2
Ircd-ratbox Ircd-ratbox 1.2.3
Ircd-ratbox Ircd-ratbox 1.3
Ircd-ratbox Ircd-ratbox 1.3.1
Ircd-ratbox Ircd-ratbox 1.3.2
Ircd-ratbox Ircd-ratbox 1.4
Ircd-ratbox Ircd-ratbox 1.4 Update rc1
Ircd-ratbox Ircd-ratbox 1.4 Update rc2
Ircd-ratbox Ircd-ratbox 1.4.1
Ircd-ratbox Ircd-ratbox 1.4.2
Ircd-ratbox Ircd-ratbox 1.5
Ircd-ratbox Ircd-ratbox 1.5.1
Ircd-ratbox Ircd-ratbox 1.5.2
Ircd-ratbox Ircd-ratbox 1.5.3
Ircd-ratbox Ircd-ratbox 2.0.0
Ircd-ratbox Ircd-ratbox 2.0.1
Ircd-ratbox Ircd-ratbox 2.0.2
Ircd-ratbox Ircd-ratbox 2.0.3
Ircd-ratbox Ircd-ratbox 2.0.4
Ircd-ratbox Ircd-ratbox 2.0.5
Ircd-ratbox Ircd-ratbox 2.0.6
Ircd-ratbox Ircd-ratbox 2.0.7
Ircd-ratbox Ircd-ratbox 2.0.8
Ircd-ratbox Ircd-ratbox 2.0.9
Ircd-ratbox Ircd-ratbox 2.0.10
Ircd-ratbox Ircd-ratbox 2.0.11
Ircd-ratbox Ircd-ratbox 2.1.0
Ircd-ratbox Ircd-ratbox 2.1.0 Update beta1
Ircd-ratbox Ircd-ratbox 2.1.0 Update beta2
Ircd-ratbox Ircd-ratbox 2.1.1
Ircd-ratbox Ircd-ratbox 2.1.2
Ircd-ratbox Ircd-ratbox 2.1.3
Ircd-ratbox Ircd-ratbox 2.1.4
Ircd-ratbox Ircd-ratbox 2.1.5
Ircd-ratbox Ircd-ratbox 2.1.6
Ircd-ratbox Ircd-ratbox 2.1.7
Ircd-ratbox Ircd-ratbox 2.1.8
Ircd-ratbox Ircd-ratbox 2.2.0
Ircd-ratbox Ircd-ratbox 2.2.0 Update rc1
Ircd-ratbox Ircd-ratbox 2.2.0 Update rc2
Ircd-ratbox Ircd-ratbox 2.2.0 Update rc3
Ircd-ratbox Ircd-ratbox 2.2.1
Ircd-ratbox Ircd-ratbox 2.2.2
Ircd-ratbox Ircd-ratbox 2.2.3
Ircd-ratbox Ircd-ratbox 2.2.4
Ircd-ratbox Ircd-ratbox 2.2.5
Ircd-ratbox Ircd-ratbox 2.2.6
Ircd-ratbox Ircd-ratbox 2.2.7
Oftc Oftc-hybrid <= 1.6.7
Oftc Oftc-hybrid 1.4.0
Oftc Oftc-hybrid 1.4.1
Oftc Oftc-hybrid 1.5.0
Oftc Oftc-hybrid 1.5.1
Oftc Oftc-hybrid 1.5.2
Oftc Oftc-hybrid 1.5.3
Oftc Oftc-hybrid 1.5.4
Oftc Oftc-hybrid 1.5.5
Oftc Oftc-hybrid 1.5.6
Oftc Oftc-hybrid 1.5.7
Oftc Oftc-hybrid 1.6.0
Oftc Oftc-hybrid 1.6.1
Oftc Oftc-hybrid 1.6.2
Oftc Oftc-hybrid 1.6.3
Oftc Oftc-hybrid 1.6.4
Oftc Oftc-hybrid 1.6.5
Oftc Oftc-hybrid 1.6.6
No warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 4.03% 0.893
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4 AV:N/AC:M/Au:N/C:P/I:P/A:P
No CWE information has been published yet.
http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html
http://secunia.com/advisories/38210
Vendor Advisory
http://secunia.com/advisories/38381
Vendor Advisory
http://secunia.com/advisories/38382
Vendor Advisory
http://secunia.com/advisories/38383
Vendor Advisory
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1.diff.gz
Patch
http://svn.ircd-hybrid.org:8000/viewcvs.cgi?rev=1044&view=rev
http://trac.oftc.net/projects/oftc-hybrid/browser/tags/oftc-hybrid-1.6.8/RELNOTES
http://www.debian.org/security/2010/dsa-1980
Patch
http://www.securityfocus.com/bid/37978