GLSA Advocate
Posted: Mon Jun 14, 2010 7:26 pm Post subject: [ GLSA 201006-21 ] UnrealIRCd: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: UnrealIRCd: Multiple vulnerabilities (GLSA 201006-21)
Severity: high
Exploitable: remote
Date: June 14, 2010
Bug(s): #260806, #323691
ID: 201006-21
Synopsis
Multiple vulnerabilities in UnrealIRCd might allow remote attackers to
compromise the "unrealircd" account, or cause a Denial of Service.
Background
UnrealIRCd is an Internet Relay Chat (IRC) daemon.
Affected Packages
Package: net-irc/unrealircd
Vulnerable: < 3.2.8.1-r1
Unaffected: >= 3.2.8.1-r1
Architectures: All supported architectures
Description
Multiple vulnerabilities have been reported in UnrealIRCd:
- The vendor reported a buffer overflow in the user authorization
code (CVE-2009-4893).
- The vendor reported that the distributed source code of UnrealIRCd
was compromised and altered to include a system() call that could be
called with arbitrary user input (CVE-2010-2075).
Impact
A remote attacker could exploit these vulnerabilities to cause the
execution of arbitrary commands with the privileges of the user running
UnrealIRCd, or a Denial of Service condition. NOTE: By default
UnrealIRCd on Gentoo is run with the privileges of the "unrealircd"
user.
Workaround
There is no known workaround at this time.
Resolution
All UnrealIRCd users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/unrealircd-3.2.8.1-r1"
References
UnrealIRCd Security Advisory 20090413
UnrealIRCd Security Advisory 20100612
CVE-2009-4893
CVE-2010-2075
Last edited by GLSA on Fri May 09, 2014 4:29 am; edited 3 times in total
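A way to check installed copies against the "Affected Packages" range above, as an added example that is not part of the advisory or of Gentoo's tooling. It assumes the default Portage package database location /var/db/pkg and handles only dotted numeric versions with an optional -rN revision (a simplification of Portage's full version rules); the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the advisory). Simplified version handling: dotted
# numeric versions with an optional -rN revision; no _alpha/_p suffixes or letters.
FIXED="3.2.8.1-r1"   # first unaffected net-irc/unrealircd version per this GLSA

# valid_ver V: succeeds only for strings like 3.2.8.1 or 3.2.8.1-r1
valid_ver() {
    v=${1%-r*}; r=0
    case $1 in *-r*) r=${1##*-r} ;; esac
    case $v in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case $r in ''|*[!0-9]*) return 1 ;; esac
}

# ver_cmp A B: prints -1, 0 or 1 (A older than, same as, newer than B)
ver_cmp() {
    a=${1%-r*}; b=${2%-r*}; ar=0; br=0
    case $1 in *-r*) ar=${1##*-r} ;; esac
    case $2 in *-r*) br=${2##*-r} ;; esac
    while [ -n "$a" ] || [ -n "$b" ]; do
        # a version that runs out of components first is the older one
        [ -n "$a" ] || { echo -1; return; }
        [ -n "$b" ] || { echo 1; return; }
        ap=${a%%.*}; bp=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "$ap" -lt "$bp" ] && { echo -1; return; }
        [ "$ap" -gt "$bp" ] && { echo 1; return; }
    done
    # same upstream version: the Gentoo revision decides
    [ "$ar" -lt "$br" ] && { echo -1; return; }
    [ "$ar" -gt "$br" ] && { echo 1; return; }
    echo 0
}

# glsa_status V: prints vulnerable, unaffected or invalid
glsa_status() {
    valid_ver "$1" || { echo invalid; return; }
    if [ "$(ver_cmp "$1" "$FIXED")" = -1 ]; then echo vulnerable
    else echo unaffected; fi
}

# Report every installed copy recorded in the Portage package database.
for d in /var/db/pkg/net-irc/unrealircd-[0-9]*; do
    [ -d "$d" ] || continue
    ver=${d##*/unrealircd-}
    echo "net-irc/unrealircd-$ver: $(glsa_status "$ver")"
done
```

A version reported as invalid uses a suffix this simplified comparison does not parse and needs a manual look.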