ngIRCd does not properly sanitize commands sent by users, allowing for a Denial of Service.
Package | net-irc/ngircd on all architectures |
---|---|
Affected versions | < 0.10.4 |
Unaffected versions | >= 0.10.4 |
ngIRCd is a free open source daemon for Internet Relay Chat (IRC).
The IRC_PART() function in the file irc-channel.c does not properly check the number of parameters, referencing an invalid pointer if no channel is supplied.
A remote attacker can exploit this vulnerability to crash the ngIRCd daemon.
There is no known workaround at this time.
All ngIRCd users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-irc/ngircd-0.10.4"
Release date
January 27, 2008
Latest revision
January 27, 2008: 02
Severity
normal
Exploitable
remote
Bugzilla entries