Bug 325547 (CVE-2009-4893)

Summary:	net-irc/unrealircd: DOS (CVE-2009-4893)
Product:	Gentoo Security	Reporter:	Stefan Behte (RETIRED) <craig>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED DUPLICATE
Severity:	trivial	CC:	net-irc
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt
Whiteboard:	~1? [noglsa]
Package list:		Runtime testing required:	---

Description Stefan Behte (RETIRED) gentoo-dev

2010-06-25 19:00:20 UTC

CVE-2009-4893 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4893):
  Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when
  allow::options::noident is enabled, allows remote attackers to cause
  a denial of service (crash) and possibly execute arbitrary code via
  unspecified vectors.

Comment 1 Samuli Suominen (RETIRED) gentoo-dev

2010-06-25 19:13:19 UTC

If I read http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt right, this is already been fixed in 3.2.8.1 we have in tree, and it's stable.
I've also removed 3.2.7-r2 from tree just now.

Comment 2 Stefan Behte (RETIRED) gentoo-dev

2010-06-25 19:16:14 UTC

Thanks, closing noglsa.

Comment 3 Tobias Heinlein (RETIRED) gentoo-dev

2010-06-26 11:34:29 UTC

Reopening.

Comment 4 Tobias Heinlein (RETIRED) gentoo-dev

2010-06-26 11:34:39 UTC


*** This bug has been marked as a duplicate of bug 260806 ***