CVE-2008-1501

Sažetak

The send_user_mode function in s_user.c in (1) Undernet ircu 2.10.12.12 and earlier, (2) snircd 1.3.4 and earlier, and unspecified other ircu derivatives allows remote attackers to cause a denial of service (daemon crash) via a malformed MODE command.

Reference

http://hg.quakenet.org/snircd/rev/2da2b881d9f5
http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060906.html
http://osvdb.org/43613
http://secunia.com/advisories/29481
http://secunia.com/advisories/29486
http://securityreason.com/securityalert/3779
http://www.securityfocus.com/archive/1/489990/100/0/threaded
http://www.securityfocus.com/bid/28413
http://www.securitytracker.com/id?1019687
http://www.securitytracker.com/id?1019688
http://www.vupen.com/english/advisories/2008/0977
http://www.vupen.com/english/advisories/2008/0978
https://exchange.xforce.ibmcloud.com/vulnerabilities/41397
https://exchange.xforce.ibmcloud.com/vulnerabilities/41401
https://www.exploit-db.com/exploits/5306

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

11-10-2018 - 20:35

Objavljeno

25-03-2008 - 19:44