Bug 199897 (CVE-2007-6122) - net-irc/ircservices < 5.0.63 default_encrypt Remote DoS (CVE-2007-6122)
Summary: net-irc/ircservices < 5.0.63 default_encrypt Remote DoS (CVE-2007-6122)
Alias: CVE-2007-6122
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Duplicates: 200467
Reported: 2007-11-21 14:22 UTC by Lars Hartmann
Modified: 2008-03-06 09:50 UTC



Description Lars Hartmann 2007-11-21 14:22:08 UTC
A vulnerability has been reported in IRC Services, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to the improper handling of overly long passwords within the "default_encrypt()" function in encrypt.c and can be exploited to crash an affected server.

The vulnerability is reported in versions prior to 5.0.63 and 5.1.9.

Update to version 5.0.63 or 5.1.9.

Provided and/or discovered by:
The vendor credits loverboy.

Reproducible: Always
Comment 1 Lars Hartmann 2007-11-26 21:41:31 UTC
Maintainers - please advise
Comment 2 Dawid Węgliński (RETIRED) gentoo-dev 2007-11-27 15:43:54 UTC
*** Bug 200467 has been marked as a duplicate of this bug. ***
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2007-11-28 02:08:01 UTC
Missed that one.
Comment 4 Dawid Węgliński (RETIRED) gentoo-dev 2007-11-29 20:06:23 UTC
Ok, bumped to 5.0.63 till I have some more time to bump to 5.1.9
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2007-11-29 21:22:19 UTC
Arches, please test and mark stable net-irc/ircservices-5.0.63.
Target keywords : "ppc x86"
Comment 6 Christian Faulhammer (RETIRED) gentoo-dev 2007-11-30 13:03:34 UTC
x86 stable
Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev 2007-11-30 22:45:38 UTC
ppc stable
Comment 8 Lars Hartmann 2007-12-01 13:50:11 UTC
This bug is ready for GLSA decision
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2007-12-02 12:42:41 UTC
Voting YES.
Comment 10 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-12-10 21:48:29 UTC
yes too, request filed.
Comment 11 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-12-13 22:08:44 UTC
GLSA 200712-12
Comment 12 Peter Volkov (RETIRED) gentoo-dev 2008-03-06 09:50:56 UTC
Does not affect current (2008.0) release. Removing release.