Lucene search

[email protected]CVE-2007-3246

HistoryJun 15, 2007 - 1:30 a.m.

CVE-2007-3246

2007-06-1501:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3246

irc services

do_set_password

channel founder privileges

chanserv

nvd

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.5%

JSON

The do_set_password function in modules/chanserv/set.c in IRC Services before 5.0.60 preserves channel founder privileges across a channel password change (ChanServ SET PASSWORD), which allows remote authenticated users to obtain the new password through automated e-mail, or perform privileged actions without knowing the new password.

Affected configurations

NVD

Node

irc_servicesirc_servicesRange≤5.0.60

CPENameOperatorVersion
irc_services:irc_servicesirc servicesle5.0.60

CPE	Name	Operator	Version
irc_services:irc_services	irc services	le	5.0.60

References

lists.ircservices.za.net/pipermail/ircservices/2007/005228.html

lists.ircservices.za.net/pipermail/ircservices/2007/005229.html

osvdb.org/41691

www.ircservices.za.net/Changes.txt

exchange.xforce.ibmcloud.com/vulnerabilities/34945

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.5%

JSON

Related for CVE-2007-3246

nvd1 prion1 cvelist1