Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 200467

Summary: net-irc/ircservices < 5.0.63 default_encrypt Remote DoS (CVE-2007-6122)
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: minor CC: net-irc
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://lists.ircservices.za.net/pipermail/ircservices/2007/005564.html
Whiteboard: B3 [ebuild]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2007-11-27 01:41:50 UTC 
CVE-2007-6122 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6122):
  The default_encrypt function in encrypt.c in IRC Services before 5.0.63, and
  5.1.x before 5.1.7, allows remote attackers to cause a denial of service
  (daemon crash) via a long password.  NOTE: some of these details are obtained
  from third party information.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-11-27 01:43:33 UTC 
Net-irc herd, please bump.
Comment 2 Dawid Węgliński (RETIRED) gentoo-dev 2007-11-27 15:43:54 UTC 

*** This bug has been marked as a duplicate of bug 199897 ***