ID CVE-2009-4016 Type cve Reporter cve@mitre.org Modified 2010-02-05T05:00:00
Description
Integer underflow in the clean_string function in irc_string.c in (1) IRCD-hybrid 7.2.2 and 7.2.3, (2) ircd-ratbox before 2.2.9, and (3) oftc-hybrid before 1.6.8, when flatten_links is disabled, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a LINKS command.
{"openvas": [{"lastseen": "2019-05-29T18:40:14", "bulletinFamily": "scanner", "description": "IRCD-Hybrid and ircd-ratbox are prone to a remote integer-underflow\nvulnerability.\n\nA remote attacker may exploit this issue to execute arbitrary code\nwithin the context of the affected application. Failed exploit\nattempts will likely crash the application, denying service to\nlegitimate users.\n\nIRCD-Hybrid 7.2.2 and ircd-ratbox 2.2.8 are vulnerable, other versions\nmay also be affected.", "modified": "2019-03-19T00:00:00", "published": "2010-01-28T00:00:00", "id": "OPENVAS:1361412562310100473", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100473", "title": "IRCD-Hybrid and ircd-ratbox 'LINKS' Command Remote Integer Underflow Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ircd_hybrid_37978.nasl 14323 2019-03-19 13:19:09Z jschulte $\n#\n# IRCD-Hybrid and ircd-ratbox 'LINKS' Command Remote Integer Underflow Vulnerability\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100473\");\n script_version(\"$Revision: 14323 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 14:19:09 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-28 18:48:47 +0100 (Thu, 28 Jan 2010)\");\n script_bugtraq_id(37978);\n script_cve_id(\"CVE-2009-4016\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_name(\"IRCD-Hybrid and ircd-ratbox 'LINKS' Command Remote Integer Underflow Vulnerability\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/37978\");\n script_xref(name:\"URL\", value:\"http://www.ircd-hybrid.org/\");\n script_xref(name:\"URL\", value:\"http://www.ircd-ratbox.org/\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2010 Greenbone Networks GmbH\");\n script_dependencies(\"ircd.nasl\");\n script_require_ports(\"Services/irc\", 6667);\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for details.\");\n script_tag(name:\"summary\", value:\"IRCD-Hybrid and ircd-ratbox are prone to a remote integer-underflow\nvulnerability.\n\nA remote attacker may exploit this issue to execute arbitrary code\nwithin the context of the affected application. Failed exploit\nattempts will likely crash the application, denying service to\nlegitimate users.\n\nIRCD-Hybrid 7.2.2 and ircd-ratbox 2.2.8 are vulnerable, other versions\nmay also be affected.\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nport = get_kb_item(\"Services/irc\");\nif(!port)port = 6667;\nif(! get_port_state(port)) exit(0);\n\nbanner = get_kb_item(string(\"irc/banner/\", port));\nif(!banner)exit(0);\nif(\"hybrid\" >!< banner)exit(0);\n\nversion = eregmatch(pattern:\"hybrid-([0-9.]+)\", string: banner);\nif(isnull(version[1]))exit(0);\n\nif(version_is_less_equal(version: version[1], test_version: \"7.2.2\")) {\n security_message(port:port);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:40:11", "bulletinFamily": "scanner", "description": "IRCD-Hybrid and ircd-ratbox are prone to a remote integer-underflow\nvulnerability.\n\nA remote attacker may exploit this issue to execute arbitrary code\nwithin the context of the affected application. Failed exploit\nattempts will likely crash the application, denying service to\nlegitimate users.\n\nIRCD-Hybrid 7.2.2 and ircd-ratbox 2.2.8 are vulnerable. Other versions\nmay also be affected.", "modified": "2019-03-16T00:00:00", "published": "2010-01-28T00:00:00", "id": "OPENVAS:1361412562310100472", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100472", "title": "IRCD-Hybrid and ircd-ratbox 'LINKS' Command Remote Integer Underflow Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ircd_ratbox_37978.nasl 14233 2019-03-16 13:32:43Z mmartin $\n#\n# IRCD-Hybrid and ircd-ratbox 'LINKS' Command Remote Integer Underflow Vulnerability\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100472\");\n script_version(\"$Revision: 14233 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-16 14:32:43 +0100 (Sat, 16 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-28 18:48:47 +0100 (Thu, 28 Jan 2010)\");\n script_bugtraq_id(37978);\n script_cve_id(\"CVE-2009-4016\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_name(\"IRCD-Hybrid and ircd-ratbox 'LINKS' Command Remote Integer Underflow Vulnerability\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/37978\");\n script_xref(name:\"URL\", value:\"http://www.ircd-hybrid.org/\");\n script_xref(name:\"URL\", value:\"http://www.ircd-ratbox.org/\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2010 Greenbone Networks GmbH\");\n script_dependencies(\"ircd.nasl\");\n script_require_ports(\"Services/irc\", 6667);\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for details.\");\n script_tag(name:\"summary\", value:\"IRCD-Hybrid and ircd-ratbox are prone to a remote integer-underflow\nvulnerability.\n\nA remote attacker may exploit this issue to execute arbitrary code\nwithin the context of the affected application. Failed exploit\nattempts will likely crash the application, denying service to\nlegitimate users.\n\nIRCD-Hybrid 7.2.2 and ircd-ratbox 2.2.8 are vulnerable. Other versions\nmay also be affected.\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nport = get_kb_item(\"Services/irc\");\nif(!port)port = 6667;\nif(! get_port_state(port)) exit(0);\n\nbanner = get_kb_item(string(\"irc/banner/\", port));\nif(!banner)exit(0);\nif(\"ratbox\" >!< banner)exit(0);\n\nversion = eregmatch(pattern:\"ircd-ratbox-([0-9.]+)\", string: banner);\nif(isnull(version[1]))exit(0);\n\nif(version_is_less_equal(version: version[1], test_version: \"2.2.8\"))\n{\n security_message(port:port);\n exit(0);\n}\n\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-02T21:10:03", "bulletinFamily": "scanner", "description": "IRCD-Hybrid and ircd-ratbox are prone to a remote integer-underflow\nvulnerability.\n\nA remote attacker may exploit this issue to execute arbitrary code\nwithin the context of the affected application. Failed exploit\nattempts will likely crash the application, denying service to\nlegitimate users.\n\nIRCD-Hybrid 7.2.2 and ircd-ratbox 2.2.8 are vulnerable; other versions\nmay also be affected.", "modified": "2017-02-22T00:00:00", "published": "2010-01-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=100472", "id": "OPENVAS:100472", "title": "IRCD-Hybrid and ircd-ratbox 'LINKS' Command Remote Integer Underflow Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ircd_ratbox_37978.nasl 5394 2017-02-22 09:22:42Z teissa $\n#\n# IRCD-Hybrid and ircd-ratbox 'LINKS' Command Remote Integer Underflow Vulnerability\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"IRCD-Hybrid and ircd-ratbox are prone to a remote integer-underflow\nvulnerability.\n\nA remote attacker may exploit this issue to execute arbitrary code\nwithin the context of the affected application. Failed exploit\nattempts will likely crash the application, denying service to\nlegitimate users.\n\nIRCD-Hybrid 7.2.2 and ircd-ratbox 2.2.8 are vulnerable; other versions\nmay also be affected.\";\n\ntag_solution = \"Updates are available. Please see the references for details.\";\n\nif (description)\n{\n script_id(100472);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-28 18:48:47 +0100 (Thu, 28 Jan 2010)\");\n script_bugtraq_id(37978);\n script_cve_id(\"CVE-2009-4016\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_name(\"IRCD-Hybrid and ircd-ratbox 'LINKS' Command Remote Integer Underflow Vulnerability\");\n\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/37978\");\n script_xref(name : \"URL\" , value : \"http://www.ircd-hybrid.org/\");\n script_xref(name : \"URL\" , value : \"http://www.ircd-ratbox.org/\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2010 Greenbone Networks GmbH\");\n script_dependencies(\"ircd.nasl\");\n script_require_ports(\"Services/irc\", 6667);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nport = get_kb_item(\"Services/irc\");\nif(!port)port = 6667;\nif(! get_port_state(port)) exit(0);\n\nbanner = get_kb_item(string(\"irc/banner/\", port));\nif(!banner)exit(0);\nif(\"ratbox\" >!< banner)exit(0);\n\nversion = eregmatch(pattern:\"ircd-ratbox-([0-9.]+)\", string: banner);\nif(isnull(version[1]))exit(0);\n\nif(version_is_less_equal(version: version[1], test_version: \"2.2.8\"))\n{\n security_message(port:port);\n exit(0);\n}\n\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:02", "bulletinFamily": "scanner", "description": "IRCD-Hybrid and ircd-ratbox are prone to a remote integer-underflow\nvulnerability.\n\nA remote attacker may exploit this issue to execute arbitrary code\nwithin the context of the affected application. Failed exploit\nattempts will likely crash the application, denying service to\nlegitimate users.\n\nIRCD-Hybrid 7.2.2 and ircd-ratbox 2.2.8 are vulnerable; other versions\nmay also be affected.", "modified": "2017-02-22T00:00:00", "published": "2010-01-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=100473", "id": "OPENVAS:100473", "title": "IRCD-Hybrid and ircd-ratbox 'LINKS' Command Remote Integer Underflow Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ircd_hybrid_37978.nasl 5394 2017-02-22 09:22:42Z teissa $\n#\n# IRCD-Hybrid and ircd-ratbox 'LINKS' Command Remote Integer Underflow Vulnerability\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"IRCD-Hybrid and ircd-ratbox are prone to a remote integer-underflow\nvulnerability.\n\nA remote attacker may exploit this issue to execute arbitrary code\nwithin the context of the affected application. Failed exploit\nattempts will likely crash the application, denying service to\nlegitimate users.\n\nIRCD-Hybrid 7.2.2 and ircd-ratbox 2.2.8 are vulnerable; other versions\nmay also be affected.\";\n\ntag_solution = \"Updates are available. Please see the references for details.\";\n\nif (description)\n{\n script_id(100473);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-28 18:48:47 +0100 (Thu, 28 Jan 2010)\");\n script_bugtraq_id(37978);\n script_cve_id(\"CVE-2009-4016\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_name(\"IRCD-Hybrid and ircd-ratbox 'LINKS' Command Remote Integer Underflow Vulnerability\");\n\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/37978\");\n script_xref(name : \"URL\" , value : \"http://www.ircd-hybrid.org/\");\n script_xref(name : \"URL\" , value : \"http://www.ircd-ratbox.org/\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2010 Greenbone Networks GmbH\");\n script_dependencies(\"ircd.nasl\");\n script_require_ports(\"Services/irc\", 6667);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nport = get_kb_item(\"Services/irc\");\nif(!port)port = 6667;\nif(! get_port_state(port)) exit(0);\n\nbanner = get_kb_item(string(\"irc/banner/\", port));\nif(!banner)exit(0);\nif(\"hybrid\" >!< banner)exit(0);\n\nversion = eregmatch(pattern:\"hybrid-([0-9.]+)\", string: banner);\nif(isnull(version[1]))exit(0);\n\nif(version_is_less_equal(version: version[1], test_version: \"7.2.2\")) {\n security_message(port:port);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:34", "bulletinFamily": "scanner", "description": "Check for the Version of ircd-ratbox", "modified": "2017-12-26T00:00:00", "published": "2010-06-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862144", "id": "OPENVAS:1361412562310862144", "title": "Fedora Update for ircd-ratbox FEDORA-2010-9312", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ircd-ratbox FEDORA-2010-9312\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"ircd-ratbox on Fedora 12\";\ntag_insight = \"ircd-ratbox is an advanced, stable, fast ircd. It is an evolution where\n ircd-hybrid left off around version 7-rc1. It supports the TS3 and TS5\n protocols, and is used on EFnet and other IRC networks.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042574.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862144\");\n script_version(\"$Revision: 8246 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 08:29:20 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-11 13:46:51 +0200 (Fri, 11 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-9312\");\n script_cve_id(\"CVE-2009-4016\", \"CVE-2010-0300\");\n script_name(\"Fedora Update for ircd-ratbox FEDORA-2010-9312\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of ircd-ratbox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"ircd-ratbox\", rpm:\"ircd-ratbox~2.2.8~7.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:04", "bulletinFamily": "scanner", "description": "The remote host is missing an update to ircd-hybrid/ircd-ratbox\nannounced via advisory DSA 1980-1.", "modified": "2017-07-07T00:00:00", "published": "2010-02-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66773", "id": "OPENVAS:66773", "title": "Debian Security Advisory DSA 1980-1 (ircd-hybrid/ircd-ratbox)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1980_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 1980-1 (ircd-hybrid/ircd-ratbox)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"David Leadbeater discovered an integer underflow that could be triggered\nvia the LINKS command and can lead to a denial of service or the\nexecution of arbitrary code (CVE-2009-4016). This issue affects both,\nircd-hybrid and ircd-ratbox.\n\nIt was discovered that the ratbox IRC server is prone to a denial of\nservice attack via the HELP command. The ircd-hybrid package is not\nvulnerable to this issue (CVE-2010-0300).\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1:7.2.2.dfsg.2-4+lenny1 of the ircd-hybrid package and in\nversion 2.2.8.dfsg-2+lenny1 of ircd-ratbox.\n\nDue to a bug in the archive software it was not possible to release the\nfix for the oldstable distribution (etch) simultaneously. The packages\nwill be released as version 7.2.2.dfsg.2-3+etch1 once they become\navailable.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon.\n\n\nWe recommend that you upgrade your ircd-hybrid/ircd-ratbox packages.\";\ntag_summary = \"The remote host is missing an update to ircd-hybrid/ircd-ratbox\nannounced via advisory DSA 1980-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201980-1\";\n\n\nif(description)\n{\n script_id(66773);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-01 18:25:19 +0100 (Mon, 01 Feb 2010)\");\n script_cve_id(\"CVE-2009-4016\", \"CVE-2010-0300\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1980-1 (ircd-hybrid/ircd-ratbox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"hybrid-dev\", ver:\"7.2.2.dfsg.2-4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ircd-ratbox\", ver:\"2.2.8.dfsg-2+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ircd-ratbox-dbg\", ver:\"2.2.8.dfsg-2+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ircd-hybrid\", ver:\"7.2.2.dfsg.2-4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:09:56", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-02-09T00:00:00", "published": "2010-02-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66819", "id": "OPENVAS:66819", "title": "FreeBSD Ports: ircd-ratbox", "type": "openvas", "sourceData": "#\n#VID 192609c8-0c51-11df-82a0-00248c9b4be7\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 192609c8-0c51-11df-82a0-00248c9b4be7\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n ircd-ratbox\n ircd-ratbox-devel\n\nCVE-2009-4016\nInteger underflow in the clean_string function in irc_string.c in (1)\nIRCD-hybrid 7.2.2 and 7.2.3, (2) ircd-ratbox before 2.2.9, and (3)\noftc-hybrid before 1.6.8, when flatten_links is disabled, allows\nremote attackers to execute arbitrary code or cause a denial of\nservice (daemon crash) via a LINKS command.\n\nCVE-2010-0300\ncache.c in ircd-ratbox before 2.2.9 allows remote attackers to cause a\ndenial of service (NULL pointer dereference and daemon crash) via a\nHELP command.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.debian.org/security/2010/dsa-1980\nhttp://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000890.html\nhttp://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html\nhttp://www.vuxml.org/freebsd/192609c8-0c51-11df-82a0-00248c9b4be7.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(66819);\n script_version(\"$Revision: 5245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-09 09:57:08 +0100 (Thu, 09 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-10 21:51:26 +0100 (Wed, 10 Feb 2010)\");\n script_cve_id(\"CVE-2009-4016\", \"CVE-2010-0300\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: ircd-ratbox\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"ircd-ratbox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.2.9\")<0) {\n txt += 'Package ircd-ratbox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ircd-ratbox-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.0.6\")<0) {\n txt += 'Package ircd-ratbox-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:46", "bulletinFamily": "scanner", "description": "Check for the Version of ircd-hybrid", "modified": "2017-12-28T00:00:00", "published": "2010-06-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862141", "id": "OPENVAS:1361412562310862141", "title": "Fedora Update for ircd-hybrid FEDORA-2010-9312", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ircd-hybrid FEDORA-2010-9312\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"ircd-hybrid on Fedora 12\";\ntag_insight = \"Ircd-hybrid is an advanced IRC server which is most commonly used on the\n EFNet IRC network.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042575.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862141\");\n script_version(\"$Revision: 8254 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 08:29:05 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-11 13:46:51 +0200 (Fri, 11 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-9312\");\n script_cve_id(\"CVE-2009-4016\", \"CVE-2010-0300\");\n script_name(\"Fedora Update for ircd-hybrid FEDORA-2010-9312\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of ircd-hybrid\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"ircd-hybrid\", rpm:\"ircd-hybrid~7.2.3~11.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:55", "bulletinFamily": "scanner", "description": "Check for the Version of ircd-hybrid", "modified": "2017-12-14T00:00:00", "published": "2010-06-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862141", "id": "OPENVAS:862141", "title": "Fedora Update for ircd-hybrid FEDORA-2010-9312", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ircd-hybrid FEDORA-2010-9312\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"ircd-hybrid on Fedora 12\";\ntag_insight = \"Ircd-hybrid is an advanced IRC server which is most commonly used on the\n EFNet IRC network.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042575.html\");\n script_id(862141);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-11 13:46:51 +0200 (Fri, 11 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-9312\");\n script_cve_id(\"CVE-2009-4016\", \"CVE-2010-0300\");\n script_name(\"Fedora Update for ircd-hybrid FEDORA-2010-9312\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of ircd-hybrid\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"ircd-hybrid\", rpm:\"ircd-hybrid~7.2.3~11.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:47", "bulletinFamily": "scanner", "description": "Check for the Version of ircd-ratbox", "modified": "2017-12-13T00:00:00", "published": "2010-06-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862144", "id": "OPENVAS:862144", "title": "Fedora Update for ircd-ratbox FEDORA-2010-9312", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ircd-ratbox FEDORA-2010-9312\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"ircd-ratbox on Fedora 12\";\ntag_insight = \"ircd-ratbox is an advanced, stable, fast ircd. It is an evolution where\n ircd-hybrid left off around version 7-rc1. It supports the TS3 and TS5\n protocols, and is used on EFnet and other IRC networks.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042574.html\");\n script_id(862144);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-11 13:46:51 +0200 (Fri, 11 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-9312\");\n script_cve_id(\"CVE-2009-4016\", \"CVE-2010-0300\");\n script_name(\"Fedora Update for ircd-ratbox FEDORA-2010-9312\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of ircd-ratbox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"ircd-ratbox\", rpm:\"ircd-ratbox~2.2.8~7.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:09", "bulletinFamily": "unix", "description": "\nSecurityFocus reports:\n\nThe first affects the /quote HELP module and allows a user\n\t to trigger an IRCD crash on some platforms.\nThe second affects the /links processing module when the\n\t flatten_links configuration option is not enabled.\n\n", "modified": "2010-01-25T00:00:00", "published": "2010-01-25T00:00:00", "id": "192609C8-0C51-11DF-82A0-00248C9B4BE7", "href": "https://vuxml.freebsd.org/freebsd/192609c8-0c51-11df-82a0-00248c9b4be7.html", "title": "irc-ratbox -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-08-22T02:22:48", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1980-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nJanuary 27, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : ircd-hybrid/ircd-ratbox\nVulnerability : integer underflow/denial of service\nProblem type : remote\nDebian-specific: no\nCVE Ids : CVE-2009-4016 CVE-2010-0300\n\n\nDavid Leadbeater discovered an integer underflow that could be triggered\nvia the LINKS command and can lead to a denial of service or the\nexecution of arbitrary code (CVE-2009-4016). This issue affects both,\nircd-hybrid and ircd-ratbox.\n\nIt was discovered that the ratbox IRC server is prone to a denial of\nservice attack via the HELP command. The ircd-hybrid package is not\nvulnerable to this issue (CVE-2010-0300).\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1:7.2.2.dfsg.2-4+lenny1 of the ircd-hybrid package and in\nversion 2.2.8.dfsg-2+lenny1 of ircd-ratbox.\n\nDue to a bug in the archive software it was not possible to release the\nfix for the oldstable distribution (etch) simultaneously. The packages\nwill be released as version 7.2.2.dfsg.2-3+etch1 once they become\navailable.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon.\n\n\nWe recommend that you upgrade your ircd-hybrid/ircd-ratbox packages.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1.dsc\n Size/MD5 checksum: 1139 a48d912892925013b37fb773841d6710\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2.orig.tar.gz\n Size/MD5 checksum: 756749 75896381ea6330aea860b35fff3c34bb\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1.diff.gz\n Size/MD5 checksum: 115007 a8d23129d0675ff779e5e315f8632a6b\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1.diff.gz\n Size/MD5 checksum: 18289 04a221b2b8dfd0654778a6608c7cb66b\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1.dsc\n Size/MD5 checksum: 1230 f79125aafcc5d9fcbd09bedadd69fce7\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg.orig.tar.gz\n Size/MD5 checksum: 673439 0eb7d1430a997a37af03f8b2f9eed4bb\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb\n Size/MD5 checksum: 65708 85dba185f2fdd9e7b3c423ae8722cc2f\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_alpha.deb\n Size/MD5 checksum: 568252 35a559f24895dab0fbe71f6af3a8c0b1\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_alpha.deb\n Size/MD5 checksum: 929788 583d32d5afc9747d824499183d4a5761\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_alpha.deb\n Size/MD5 checksum: 660008 1a2bca514133dbc27f91bca69ed2122e\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_amd64.deb\n Size/MD5 checksum: 937710 2867b5535578c017699418acab7565b7\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_amd64.deb\n Size/MD5 checksum: 542006 52ca320cdd28849bd65065c921f03623\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_amd64.deb\n Size/MD5 checksum: 634416 d320f0d1b77cb08cb0caa9c9644d13aa\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_arm.deb\n Size/MD5 checksum: 589350 451a5bcf2b4b8f40e39128be3fdc479d\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_armel.deb\n Size/MD5 checksum: 894654 4daf0784d8865e75c378630d7cf2d870\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_armel.deb\n Size/MD5 checksum: 595420 bf40953d00dbccd069b1596b6c84eadc\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_armel.deb\n Size/MD5 checksum: 504238 785107a5a9fa3dcd88f2a12916d47092\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_hppa.deb\n Size/MD5 checksum: 908902 8e1ebf2baf27a71f008eba792cdd87d7\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_hppa.deb\n Size/MD5 checksum: 647938 c67f473e9b4ae77a5578359c76ff5e75\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_hppa.deb\n Size/MD5 checksum: 554656 00af4d733f43a8404b2e62718a4bd341\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_i386.deb\n Size/MD5 checksum: 591346 7a9ccd0273005c654f5e78d6ba9d29d6\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_i386.deb\n Size/MD5 checksum: 891002 796bbd22c352ec873c9705e560492dbe\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_i386.deb\n Size/MD5 checksum: 499796 24e0d7b1284b3d7c3688366e9a8c493e\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_ia64.deb\n Size/MD5 checksum: 783482 28568b727f452ef622cb8939618dde23\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_ia64.deb\n Size/MD5 checksum: 685370 17507ab3172ad5e1fd88ea05c70f68c4\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_ia64.deb\n Size/MD5 checksum: 906848 4561656a5c033c9b647f146a13e79322\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_mips.deb\n Size/MD5 checksum: 506502 854cd9c98a5eaf38e3f815fd79d20c9a\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_mips.deb\n Size/MD5 checksum: 918546 5307013e962c38b405db7507e251a31d\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_mips.deb\n Size/MD5 checksum: 601610 9fc6640bb08a3af295589b72f6667087\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_mipsel.deb\n Size/MD5 checksum: 912794 6024ad0383d9696c727203a0af740630\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_mipsel.deb\n Size/MD5 checksum: 504864 ac200b212ed5ed69095b90bba53558f3\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_mipsel.deb\n Size/MD5 checksum: 599656 f32d222728582a36d1a75494d87340af\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_powerpc.deb\n Size/MD5 checksum: 732146 445dc7f28c92455ed3293b9b6b795020\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_powerpc.deb\n Size/MD5 checksum: 1001328 bca90faf524223bb06bb47774ee7d147\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_powerpc.deb\n Size/MD5 checksum: 639750 282ee75ee6b2e2fefcda221fb930bc6b\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_s390.deb\n Size/MD5 checksum: 905196 cc484c7b4f807227ff75af729504ca0c\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_s390.deb\n Size/MD5 checksum: 537006 3c24b451ae8fdd846d982982fa652535\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_s390.deb\n Size/MD5 checksum: 616620 d9bba18dc19104a06d57403bf93e64a6\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_sparc.deb\n Size/MD5 checksum: 843350 99cd0379e8623f3265bbba3eb8578e86\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_sparc.deb\n Size/MD5 checksum: 586408 87cbcdd0fadac9c2d17c71cb5df907f7\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_sparc.deb\n Size/MD5 checksum: 498376 a117209c1ed8b9104bee8a154d390fd0\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2010-01-27T20:29:14", "published": "2010-01-27T20:29:14", "id": "DEBIAN:DSA-1980-1:69AA8", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00016.html", "title": "[SECURITY] [DSA 1980-1] New ircd-hybrid/ircd-ratbox packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-11-01T02:21:06", "bulletinFamily": "scanner", "description": "David Leadbeater discovered an integer underflow that could be\ntriggered via the LINKS command and can lead to a denial of service or\nthe execution of arbitrary code (CVE-2009-4016 ). This issue affects\nboth, ircd-hybrid and ircd-ratbox.\n\nIt was discovered that the ratbox IRC server is prone to a denial of\nservice attack via the HELP command. The ircd-hybrid package is not\nvulnerable to this issue (CVE-2010-0300 ).", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-1980.NASL", "href": "https://www.tenable.com/plugins/nessus/44844", "published": "2010-02-24T00:00:00", "title": "Debian DSA-1980-1 : ircd-hybrid/ircd-ratbox - integer underflow/denial of service", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1980. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44844);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/08/02 13:32:22\");\n\n script_cve_id(\"CVE-2009-4016\", \"CVE-2010-0300\");\n script_xref(name:\"DSA\", value:\"1980\");\n\n script_name(english:\"Debian DSA-1980-1 : ircd-hybrid/ircd-ratbox - integer underflow/denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"David Leadbeater discovered an integer underflow that could be\ntriggered via the LINKS command and can lead to a denial of service or\nthe execution of arbitrary code (CVE-2009-4016 ). This issue affects\nboth, ircd-hybrid and ircd-ratbox.\n\nIt was discovered that the ratbox IRC server is prone to a denial of\nservice attack via the HELP command. The ircd-hybrid package is not\nvulnerable to this issue (CVE-2010-0300 ).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-1980\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the ircd-hybrid/ircd-ratbox packages.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1:7.2.2.dfsg.2-4+lenny1 of the ircd-hybrid package and in\nversion 2.2.8.dfsg-2+lenny1 of ircd-ratbox.\n\nDue to a bug in the archive software it was not possible to release\nthe fix for the oldstable distribution (etch) simultaneously. The\npackages will be released as version 7.2.2.dfsg.2-3+etch1 once they\nbecome available.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ircd-ratbox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"hybrid-dev\", reference:\"1:7.2.2.dfsg.2-4+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ircd-hybrid\", reference:\"1:7.2.2.dfsg.2-4+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ircd-ratbox\", reference:\"1:2.2.8.dfsg-2+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ircd-ratbox-dbg\", reference:\"1:2.2.8.dfsg-2+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:26:50", "bulletinFamily": "scanner", "description": "Two vulnerabilities were reported in ircd-hybrid, ircd-ratbox, and\noftc-hybrid. The first is an integer overflow that can lead to a\ndenial of service or, possibly, the execution of arbitrary code on the\nircd server (CVE-2009-4016 (patch [1])), the second is a NULL pointer\ndereference that can lead to a denial of service of the ircd server\n(CVE-2010-0300 (patch [2])). This has been corrected in upstream\nircd-ratbox 2.2.9 [3]. CVE-2010-0300 may be ircd- ratbox specific,\nhowever CVE-2009-4016 affects both ircd servers. [1]\nhttp://ircd.ratbox.org/cgi-bin/index.cgi/ircd-\nratbox/branches/RATBOX_3_0/src/cache.c?r1=26334&r2=26732 [2]\nhttp://trac.oftc.net/projects/oftc-hybrid/changeset/1062 [3]\nhttp://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2010-9312.NASL", "href": "https://www.tenable.com/plugins/nessus/47529", "published": "2010-07-01T00:00:00", "title": "Fedora 12 : ircd-hybrid-7.2.3-11.fc12 / ircd-ratbox-2.2.8-7.fc12 (2010-9312)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-9312.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47529);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/08/02 13:32:33\");\n\n script_cve_id(\"CVE-2009-4016\", \"CVE-2010-0300\");\n script_bugtraq_id(37978, 37979);\n script_xref(name:\"FEDORA\", value:\"2010-9312\");\n\n script_name(english:\"Fedora 12 : ircd-hybrid-7.2.3-11.fc12 / ircd-ratbox-2.2.8-7.fc12 (2010-9312)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two vulnerabilities were reported in ircd-hybrid, ircd-ratbox, and\noftc-hybrid. The first is an integer overflow that can lead to a\ndenial of service or, possibly, the execution of arbitrary code on the\nircd server (CVE-2009-4016 (patch [1])), the second is a NULL pointer\ndereference that can lead to a denial of service of the ircd server\n(CVE-2010-0300 (patch [2])). This has been corrected in upstream\nircd-ratbox 2.2.9 [3]. CVE-2010-0300 may be ircd- ratbox specific,\nhowever CVE-2009-4016 affects both ircd servers. [1]\nhttp://ircd.ratbox.org/cgi-bin/index.cgi/ircd-\nratbox/branches/RATBOX_3_0/src/cache.c?r1=26334&r2=26732 [2]\nhttp://trac.oftc.net/projects/oftc-hybrid/changeset/1062 [3]\nhttp://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://ircd.ratbox.org/cgi-bin/index.cgi/ircd-\"\n );\n # http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75684b4a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://trac.oftc.net/projects/oftc-hybrid/changeset/1062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=559382\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-June/042574.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3e5c976c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-June/042575.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?355bb8f4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ircd-hybrid and / or ircd-ratbox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ircd-hybrid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ircd-ratbox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"ircd-hybrid-7.2.3-11.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"ircd-ratbox-2.2.8-7.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ircd-hybrid / ircd-ratbox\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:37:07", "bulletinFamily": "scanner", "description": "SecurityFocus reports :\n\nThe first affects the /quote HELP module and allows a user to trigger\nan IRCD crash on some platforms.\n\nThe second affects the /links processing module when the flatten_links\nconfiguration option is not enabled.", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_192609C80C5111DF82A000248C9B4BE7.NASL", "href": "https://www.tenable.com/plugins/nessus/44333", "published": "2010-01-29T00:00:00", "title": "FreeBSD : irc-ratbox -- multiple vulnerabilities (192609c8-0c51-11df-82a0-00248c9b4be7)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44333);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:40\");\n\n script_cve_id(\"CVE-2009-4016\", \"CVE-2010-0300\");\n script_xref(name:\"DSA\", value:\"1980\");\n\n script_name(english:\"FreeBSD : irc-ratbox -- multiple vulnerabilities (192609c8-0c51-11df-82a0-00248c9b4be7)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SecurityFocus reports :\n\nThe first affects the /quote HELP module and allows a user to trigger\nan IRCD crash on some platforms.\n\nThe second affects the /links processing module when the flatten_links\nconfiguration option is not enabled.\"\n );\n # http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000890.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9c202cd5\"\n );\n # http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75684b4a\"\n );\n # https://vuxml.freebsd.org/freebsd/192609c8-0c51-11df-82a0-00248c9b4be7.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?24719ba1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ircd-ratbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ircd-ratbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ircd-ratbox<2.2.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ircd-ratbox-devel<3.0.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:33", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1980-1 security@debian.org\r\nhttp://www.debian.org/security/ Steffen Joeris\r\nJanuary 27, 2010 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : ircd-hybrid/ircd-ratbox\r\nVulnerability : integer underflow/denial of service\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE Ids : CVE-2009-4016 CVE-2010-0300\r\n\r\n\r\nDavid Leadbeater discovered an integer underflow that could be triggered\r\nvia the LINKS command and can lead to a denial of service or the\r\nexecution of arbitrary code (CVE-2009-4016). This issue affects both,\r\nircd-hybrid and ircd-ratbox.\r\n\r\nIt was discovered that the ratbox IRC server is prone to a denial of\r\nservice attack via the HELP command. The ircd-hybrid package is not\r\nvulnerable to this issue (CVE-2010-0300).\r\n\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 1:7.2.2.dfsg.2-4+lenny1 of the ircd-hybrid package and in\r\nversion 2.2.8.dfsg-2+lenny1 of ircd-ratbox.\r\n\r\nDue to a bug in the archive software it was not possible to release the\r\nfix for the oldstable distribution (etch) simultaneously. The packages\r\nwill be released as version 7.2.2.dfsg.2-3+etch1 once they become\r\navailable.\r\n\r\nFor the testing distribution (squeeze) and the unstable distribution\r\n(sid), this problem will be fixed soon.\r\n\r\n\r\nWe recommend that you upgrade your ircd-hybrid/ircd-ratbox packages.\r\n\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc,\r\ns390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1.dsc\r\n Size/MD5 checksum: 1139 a48d912892925013b37fb773841d6710\r\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2.orig.tar.gz\r\n Size/MD5 checksum: 756749 75896381ea6330aea860b35fff3c34bb\r\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1.diff.gz\r\n Size/MD5 checksum: 115007 a8d23129d0675ff779e5e315f8632a6b\r\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1.diff.gz\r\n Size/MD5 checksum: 18289 04a221b2b8dfd0654778a6608c7cb66b\r\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1.dsc\r\n Size/MD5 checksum: 1230 f79125aafcc5d9fcbd09bedadd69fce7\r\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg.orig.tar.gz\r\n Size/MD5 checksum: 673439 0eb7d1430a997a37af03f8b2f9eed4bb\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb\r\n Size/MD5 checksum: 65708 85dba185f2fdd9e7b3c423ae8722cc2f\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_alpha.deb\r\n Size/MD5 checksum: 568252 35a559f24895dab0fbe71f6af3a8c0b1\r\n \r\nhttp://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_alpha.deb\r\n Size/MD5 checksum: 929788 583d32d5afc9747d824499183d4a5761\r\n \r\nhttp://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_alpha.deb\r\n Size/MD5 checksum: 660008 1a2bca514133dbc27f91bca69ed2122e\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_amd64.deb\r\n Size/MD5 checksum: 937710 2867b5535578c017699418acab7565b7\r\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_amd64.deb\r\n Size/MD5 checksum: 542006 52ca320cdd28849bd65065c921f03623\r\n \r\nhttp://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_amd64.deb\r\n Size/MD5 checksum: 634416 d320f0d1b77cb08cb0caa9c9644d13aa\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_arm.deb\r\n Size/MD5 checksum: 589350 451a5bcf2b4b8f40e39128be3fdc479d\r\n\r\narmel architecture (ARM EABI)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_armel.deb\r\n Size/MD5 checksum: 894654 4daf0784d8865e75c378630d7cf2d870\r\n \r\nhttp://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_armel.deb\r\n Size/MD5 checksum: 595420 bf40953d00dbccd069b1596b6c84eadc\r\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_armel.deb\r\n Size/MD5 checksum: 504238 785107a5a9fa3dcd88f2a12916d47092\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_hppa.deb\r\n Size/MD5 checksum: 908902 8e1ebf2baf27a71f008eba792cdd87d7\r\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_hppa.deb\r\n Size/MD5 checksum: 647938 c67f473e9b4ae77a5578359c76ff5e75\r\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_hppa.deb\r\n Size/MD5 checksum: 554656 00af4d733f43a8404b2e62718a4bd341\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_i386.deb\r\n Size/MD5 checksum: 591346 7a9ccd0273005c654f5e78d6ba9d29d6\r\n \r\nhttp://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_i386.deb\r\n Size/MD5 checksum: 891002 796bbd22c352ec873c9705e560492dbe\r\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_i386.deb\r\n Size/MD5 checksum: 499796 24e0d7b1284b3d7c3688366e9a8c493e\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_ia64.deb\r\n Size/MD5 checksum: 783482 28568b727f452ef622cb8939618dde23\r\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_ia64.deb\r\n Size/MD5 checksum: 685370 17507ab3172ad5e1fd88ea05c70f68c4\r\n \r\nhttp://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_ia64.deb\r\n Size/MD5 checksum: 906848 4561656a5c033c9b647f146a13e79322\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_mips.deb\r\n Size/MD5 checksum: 506502 854cd9c98a5eaf38e3f815fd79d20c9a\r\n \r\nhttp://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_mips.deb\r\n Size/MD5 checksum: 918546 5307013e962c38b405db7507e251a31d\r\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_mips.deb\r\n Size/MD5 checksum: 601610 9fc6640bb08a3af295589b72f6667087\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_mipsel.deb\r\n Size/MD5 checksum: 912794 6024ad0383d9696c727203a0af740630\r\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_mipsel.deb\r\n Size/MD5 checksum: 504864 ac200b212ed5ed69095b90bba53558f3\r\n \r\nhttp://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_mipsel.deb\r\n Size/MD5 checksum: 599656 f32d222728582a36d1a75494d87340af\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_powerpc.deb\r\n Size/MD5 checksum: 732146 445dc7f28c92455ed3293b9b6b795020\r\n \r\nhttp://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_powerpc.deb\r\n Size/MD5 checksum: 1001328 bca90faf524223bb06bb47774ee7d147\r\n \r\nhttp://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_powerpc.deb\r\n Size/MD5 checksum: 639750 282ee75ee6b2e2fefcda221fb930bc6b\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_s390.deb\r\n Size/MD5 checksum: 905196 cc484c7b4f807227ff75af729504ca0c\r\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_s390.deb\r\n Size/MD5 checksum: 537006 3c24b451ae8fdd846d982982fa652535\r\n http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_s390.deb\r\n Size/MD5 checksum: 616620 d9bba18dc19104a06d57403bf93e64a6\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_sparc.deb\r\n Size/MD5 checksum: 843350 99cd0379e8623f3265bbba3eb8578e86\r\n \r\nhttp://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_sparc.deb\r\n Size/MD5 checksum: 586408 87cbcdd0fadac9c2d17c71cb5df907f7\r\n http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_sparc.deb\r\n Size/MD5 checksum: 498376 a117209c1ed8b9104bee8a154d390fd0\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAktgoccACgkQ62zWxYk/rQdv9gCfUjTdEehRZSMgLqcSEUdOyy2d\r\nXvMAniS7ut9hqsHpASG+55i86DfEQ6wH\r\n=Ph5o\r\n-----END PGP SIGNATURE-----", "modified": "2010-01-28T00:00:00", "published": "2010-01-28T00:00:00", "id": "SECURITYVULNS:DOC:23129", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23129", "title": "[SECURITY] [DSA 1980-1] New ircd-hybrid/ircd-ratbox packages fix arbitrary code execution", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:35", "bulletinFamily": "software", "description": "LINKS command, integer overflow, HELP command DoS.", "modified": "2010-01-28T00:00:00", "published": "2010-01-28T00:00:00", "id": "SECURITYVULNS:VULN:10561", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10561", "title": "hybrid and ratbox IRC servers multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}