Summary: | <net-irc/shadowircd-6.3.3: Denial of Service Vulnerability (CVE-2012-6084) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | binki, jdhore, net-irc |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/51716/ | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-01-02 17:15:38 UTC
(In reply to comment #0) > @JD can we stabilize? Go for it. Arches added. Arches, please test and mark stable: =net-irc/shadowircd-6.3.3 Target keywords : "amd64 x86" CVE-2012-6084 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6084): modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis before 3.4.2 does not properly support capability negotiation during server handshakes, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request. amd64 stable x86 stable GLSA vote: yes GLSA Vote: yes, too. GLSA request filed. This issue was resolved and addressed in GLSA 201405-21 at http://security.gentoo.org/glsa/glsa-201405-21.xml by GLSA coordinator Sean Amoss (ackle). |