oss-sec mailing list archives
Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution
From: Alex Legler <a3li () gentoo org>
Date: Mon, 14 Jun 2010 19:10:14 +0200
On Sat, 12 Jun 2010 19:10:48 +0200, Alex Legler <a3li () gentoo org> wrote:
[blah]
While we're at it...

http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt

"A buffer in the code which handles user authorization is copied without sufficient length checks, causing a buffer overflow. This bug happens BEFORE the user is online. In other words: even if you have a password protected server, or only allow certain ip/hosts in, and you use allow::options::noident, then this bug can still be triggered."

The issue affects versions <3.2.8.1

I think this issue doesn't have a CVE yet either. (CVE-2009-*)

Thanks,
Alex

--
Alex Legler | Gentoo Security / Ruby
a3li () gentoo org | a3li () jabber ccc de
Current thread:
- CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution Alex Legler (Jun 12)
- Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution Alex Legler (Jun 14)
- Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution Josh Bressers (Jun 14)
- Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution Eugene Teo (Jun 14)