Download
| Alert*
oval:org.secpod.oval:def:602439
It was discovered that inspircd, an IRC daemon, incorrectly handled PTR lookups of connecting users. This flaw allowed a remote attacker to crash the application by setting up malformed DNS records, thus causing a denial-of-service, oval:org.secpod.oval:def:602048 adam@anope.org discovered several problems in inspircd, an IRC daemon: - an incomplete patch for CVE-2012-1836 failed to adequately resolve the problem where maliciously crafted DNS requests could lead to remote code execution through a heap-based buffer overflow. - the incorrect processing of speci ... oval:org.secpod.oval:def:600775 It was discovered that a heap-based buffer overflow in InspIRCd could allow remote attackers to execute arbitrary code via a crafted DNS query. oval:org.secpod.oval:def:601486 inspircd is installed oval:org.secpod.oval:def:602610 It was discovered that incorrect SASL authentication in the Inspircd IRC server may lead to users impersonating other users. oval:org.secpod.oval:def:1900504 The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message. |