200467 – net-irc/ircservices < 5.0.63 default_encrypt Remote DoS (CVE-2007-6122)

Bug 200467 - net-irc/ircservices < 5.0.63 default_encrypt Remote DoS (CVE-2007-6122)

Summary: net-irc/ircservices < 5.0.63 default_encrypt Remote DoS (CVE-2007-6122)

Status:	RESOLVED DUPLICATE of bug 199897

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://lists.ircservices.za.net/piper...
Whiteboard:	B3 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2007-11-27 01:41 UTC by Robert Buchholz (RETIRED)
Modified:	2007-11-27 15:43 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2007-11-27 01:41:50 UTC

CVE-2007-6122 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6122):
  The default_encrypt function in encrypt.c in IRC Services before 5.0.63, and
  5.1.x before 5.1.7, allows remote attackers to cause a denial of service
  (daemon crash) via a long password.  NOTE: some of these details are obtained
  from third party information.

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2007-11-27 01:43:33 UTC

Net-irc herd, please bump.

Comment 2 Dawid Węgliński (RETIRED) gentoo-dev

2007-11-27 15:43:54 UTC


*** This bug has been marked as a duplicate of bug 199897 ***