{"id": "CVE-2017-15228", "bulletinFamily": "NVD", "title": "CVE-2017-15228", "description": "Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string.", "published": "2017-10-22T20:29:00", "modified": "2018-02-04T02:29:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15228", "reporter": "cve@mitre.org", "references": ["https://irssi.org/security/irssi_sa_2017_10.txt", "http://openwall.com/lists/oss-security/2017/10/22/4", "https://www.debian.org/security/2017/dsa-4016", "https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html"], "cvelist": ["CVE-2017-15228"], "type": "cve", "lastseen": "2019-05-29T18:16:50", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "51f4f334d3f0d872bd6d033f7b145eb6"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "e93d1594c27c53e5a8cc861d46d31d14"}, {"key": "cvss", "hash": "41b62a8aa1ee5c40897717cadc30784a"}, {"key": "cvss2", "hash": "85fc9715d07b57d9e72056856b007c7b"}, {"key": "cvss3", "hash": "b5cef30da83f9b368c6b3bb523042642"}, {"key": "cwe", "hash": "af763a464055c05fadc96ca4f517bea9"}, {"key": "description", "hash": "1fe506ce8564512f87d2cf41a9b7dd43"}, {"key": "href", "hash": "7ef6d03a4b5308516c797cbbe0a4ea03"}, {"key": "modified", "hash": "d170e79fd66254c576e7688954692158"}, {"key": "published", "hash": "c793a320d2fc6f33c1fb2f63a08cf740"}, {"key": "references", "hash": "e46d63409c05f37857a854a203837430"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "61e1fbba98ca073444c0b8874a2de8dd"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d07304a265fe3f136356b93efca3fc1ab555e9befa370b490e2a8cbf23374868", "viewCount": 0, "enchantments": {"score": {"value": 4.8, "vector": "NONE", "modified": "2019-05-29T18:16:50"}, "dependencies": {"references": [{"type": "slackware", "idList": ["SSA-2017-298-01"]}, {"type": "nessus", "idList": ["OPENSUSE-2017-1189.NASL", "EULEROS_SA-2017-1283.NASL", "SLACKWARE_SSA_2017-298-01.NASL", "EULEROS_SA-2017-1284.NASL", "FREEBSD_PKG_85E2C7EBB74B11E785465CF3FCFDD1F1.NASL", "UBUNTU_USN-3465-1.NASL", "DEBIAN_DLA-1217.NASL", "DEBIAN_DSA-4016.NASL"]}, {"type": "freebsd", "idList": ["85E2C7EB-B74B-11E7-8546-5CF3FCFDD1F1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704016", "OPENVAS:1361412562310843350"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4016-1:AC5F8", "DEBIAN:DLA-1217-1:DD52D"]}, {"type": "ubuntu", "idList": ["USN-3465-1"]}], "modified": "2019-05-29T18:16:50"}, "vulnersScore": 4.8}, "objectVersion": "1.3", "cpe": [], "affectedSoftware": [{"name": "irssi irssi", "operator": "le", "version": "1.0.4"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": [], "cwe": ["CWE-125"]}

{"slackware": [{"lastseen": "2019-05-30T07:36:48", "bulletinFamily": "unix", "description": "New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current\nto fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/irssi-1.0.5-i586-1_slack14.2.txz: Upgraded.\n This update fixes some remote denial of service issues.\n For more information, see:\n https://irssi.org/security/irssi_sa_2017_10.txt\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15228\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15227\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15721\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15723\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15722\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/irssi-1.0.5-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/irssi-1.0.5-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/irssi-1.0.5-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/irssi-1.0.5-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/irssi-1.0.5-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/irssi-1.0.5-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/irssi-1.0.5-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/irssi-1.0.5-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n7171f6d3cbd85a8d9977ba6fafb8735f irssi-1.0.5-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ncfa289b0c39f9c60d9978fd6a9adb234 irssi-1.0.5-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n651289cbd9d7beea6ff767f9076cbc15 irssi-1.0.5-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n25da26f567180faa64ab9e8b4796007a irssi-1.0.5-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n61681f8de2cb05ddefdb4929410bc18b irssi-1.0.5-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n8d1c3ae5dd7ae9aadfa4c9407667ba63 irssi-1.0.5-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nd51cdfd3cd6f7272c1d9b9399c638ae3 n/irssi-1.0.5-i586-1.txz\n\nSlackware x86_64 -current package:\na5de61c73e918f8cc3f389cee0fd6d0b n/irssi-1.0.5-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg irssi-1.0.5-i586-1_slack14.2.txz", "modified": "2017-10-25T12:09:33", "published": "2017-10-25T12:09:33", "id": "SSA-2017-298-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.439610", "title": "irssi", "type": "slackware", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2019-02-21T01:33:35", "bulletinFamily": "scanner", "description": "This security update for irssi to version 1.0.5 addresses the following security issues :\n\n - CVE-2017-15228: When installing themes with unterminated colour formatting sequences, Irssi may access data beyond the end of the string. This issue could have resulted in denial of service (remote crash) when installing a malicious or broken theme file.\n\n - CVE-2017-15227: While waiting for the channel synchronisation, Irssi may incorrectly fail to remove destroyed channels from the query list, resulting in use after free conditions when updating the state later on.\n This issue could have caused denial of service (remote crash) when connecting to a malicious or broken ircd.\n\n - CVE-2017-15721: Certain incorrectly formatted DCC CTCP messages could cause NULL pointer dereference. This issue could have caused denial of service (remote crash) when connecting to a malicious or broken ircd.\n\n - CVE-2017-15723: Overlong nicks or targets may result in a NULL pointer dereference while splitting the message.\n This issue could have caused denial of service (remote crash) when connecting to a malicious or broken ircd.\n\n - CVE-2017-15722: In certain cases Irssi may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string.", "modified": "2018-01-26T00:00:00", "id": "OPENSUSE-2017-1189.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=104114", "published": "2017-10-24T00:00:00", "title": "openSUSE Security Update : irssi (openSUSE-2017-1189)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1189.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104114);\n script_version(\"$Revision: 3.3 $\");\n script_cvs_date(\"$Date: 2018/01/26 17:32:51 $\");\n\n script_cve_id(\"CVE-2017-15227\", \"CVE-2017-15228\", \"CVE-2017-15721\", \"CVE-2017-15722\", \"CVE-2017-15723\");\n\n script_name(english:\"openSUSE Security Update : irssi (openSUSE-2017-1189)\");\n script_summary(english:\"Check for the openSUSE-2017-1189 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This security update for irssi to version 1.0.5 addresses the\nfollowing security issues :\n\n - CVE-2017-15228: When installing themes with unterminated\n colour formatting sequences, Irssi may access data\n beyond the end of the string. This issue could have\n resulted in denial of service (remote crash) when\n installing a malicious or broken theme file.\n\n - CVE-2017-15227: While waiting for the channel\n synchronisation, Irssi may incorrectly fail to remove\n destroyed channels from the query list, resulting in use\n after free conditions when updating the state later on.\n This issue could have caused denial of service (remote\n crash) when connecting to a malicious or broken ircd.\n\n - CVE-2017-15721: Certain incorrectly formatted DCC CTCP\n messages could cause NULL pointer dereference. This\n issue could have caused denial of service (remote crash)\n when connecting to a malicious or broken ircd.\n\n - CVE-2017-15723: Overlong nicks or targets may result in\n a NULL pointer dereference while splitting the message.\n This issue could have caused denial of service (remote\n crash) when connecting to a malicious or broken ircd.\n\n - CVE-2017-15722: In certain cases Irssi may fail to\n verify that a Safe channel ID is long enough, causing\n reads beyond the end of the string.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1064540\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected irssi packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:irssi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:irssi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:irssi-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:irssi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"irssi-1.0.5-14.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"irssi-debuginfo-1.0.5-14.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"irssi-debugsource-1.0.5-14.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"irssi-devel-1.0.5-14.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"irssi-1.0.5-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"irssi-debuginfo-1.0.5-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"irssi-debugsource-1.0.5-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"irssi-devel-1.0.5-17.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irssi / irssi-debuginfo / irssi-debugsource / irssi-devel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:34:07", "bulletinFamily": "scanner", "description": "According to the versions of the irssi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string.(CVE-2017-15228)\n\n - Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on.(CVE-2017-15227)\n\n - In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue relative to CVE-2017-9468.(CVE-2017-15721)\n\n - In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string.(CVE-2017-15722)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-14T00:00:00", "id": "EULEROS_SA-2017-1283.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=104902", "published": "2017-12-01T00:00:00", "title": "EulerOS 2.0 SP1 : irssi (EulerOS-SA-2017-1283)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104902);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2018/11/14 14:36:23\");\n\n script_cve_id(\n \"CVE-2017-15227\",\n \"CVE-2017-15228\",\n \"CVE-2017-15721\",\n \"CVE-2017-15722\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : irssi (EulerOS-SA-2017-1283)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the irssi package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Irssi before 1.0.5, when installing themes with\n unterminated colour formatting sequences, may access\n data beyond the end of the string.(CVE-2017-15228)\n\n - Irssi before 1.0.5, while waiting for the channel\n synchronisation, may incorrectly fail to remove\n destroyed channels from the query list, resulting in\n use-after-free conditions when updating the state later\n on.(CVE-2017-15227)\n\n - In Irssi before 1.0.5, certain incorrectly formatted\n DCC CTCP messages could cause a NULL pointer\n dereference. This is a separate, but similar, issue\n relative to CVE-2017-9468.(CVE-2017-15721)\n\n - In certain cases, Irssi before 1.0.5 may fail to verify\n that a Safe channel ID is long enough, causing reads\n beyond the end of the string.(CVE-2017-15722)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1283\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?10fd8846\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected irssi packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:irssi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"irssi-0.8.15-16.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irssi\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:34:07", "bulletinFamily": "scanner", "description": "According to the versions of the irssi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string.(CVE-2017-15228)\n\n - Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on.(CVE-2017-15227)\n\n - In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue relative to CVE-2017-9468.(CVE-2017-15721)\n\n - In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string.(CVE-2017-15722)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-14T00:00:00", "id": "EULEROS_SA-2017-1284.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=104903", "published": "2017-12-01T00:00:00", "title": "EulerOS 2.0 SP2 : irssi (EulerOS-SA-2017-1284)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104903);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2018/11/14 14:36:23\");\n\n script_cve_id(\n \"CVE-2017-15227\",\n \"CVE-2017-15228\",\n \"CVE-2017-15721\",\n \"CVE-2017-15722\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : irssi (EulerOS-SA-2017-1284)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the irssi package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Irssi before 1.0.5, when installing themes with\n unterminated colour formatting sequences, may access\n data beyond the end of the string.(CVE-2017-15228)\n\n - Irssi before 1.0.5, while waiting for the channel\n synchronisation, may incorrectly fail to remove\n destroyed channels from the query list, resulting in\n use-after-free conditions when updating the state later\n on.(CVE-2017-15227)\n\n - In Irssi before 1.0.5, certain incorrectly formatted\n DCC CTCP messages could cause a NULL pointer\n dereference. This is a separate, but similar, issue\n relative to CVE-2017-9468.(CVE-2017-15721)\n\n - In certain cases, Irssi before 1.0.5 may fail to verify\n that a Safe channel ID is long enough, causing reads\n beyond the end of the string.(CVE-2017-15722)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1284\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d9058205\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected irssi packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:irssi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"irssi-0.8.15-16.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irssi\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:33:31", "bulletinFamily": "scanner", "description": "Irssi reports :\n\nWhen installing themes with unterminated colour formatting sequences, Irssi may access data beyond the end of the string.\n\nWhile waiting for the channel synchronisation, Irssi may incorrectly fail to remove destroyed channels from the query list, resulting in use after free conditions when updating the state later on.\n\nCertain incorrectly formatted DCC CTCP messages could cause NULL pointer dereference.\n\nOverlong nicks or targets may result in a NULL pointer dereference while splitting the message.\n\nIn certain cases Irssi may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string.", "modified": "2018-11-10T00:00:00", "id": "FREEBSD_PKG_85E2C7EBB74B11E785465CF3FCFDD1F1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=104062", "published": "2017-10-23T00:00:00", "title": "FreeBSD : irssi -- multiple vulnerabilities (85e2c7eb-b74b-11e7-8546-5cf3fcfdd1f1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104062);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:46\");\n\n script_cve_id(\"CVE-2017-15227\", \"CVE-2017-15228\", \"CVE-2017-15721\", \"CVE-2017-15722\", \"CVE-2017-15723\");\n\n script_name(english:\"FreeBSD : irssi -- multiple vulnerabilities (85e2c7eb-b74b-11e7-8546-5cf3fcfdd1f1)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Irssi reports :\n\nWhen installing themes with unterminated colour formatting sequences,\nIrssi may access data beyond the end of the string.\n\nWhile waiting for the channel synchronisation, Irssi may incorrectly\nfail to remove destroyed channels from the query list, resulting in\nuse after free conditions when updating the state later on.\n\nCertain incorrectly formatted DCC CTCP messages could cause NULL\npointer dereference.\n\nOverlong nicks or targets may result in a NULL pointer dereference\nwhile splitting the message.\n\nIn certain cases Irssi may fail to verify that a Safe channel ID is\nlong enough, causing reads beyond the end of the string.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://irssi.org/security/irssi_sa_2017_10.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223169\"\n );\n # https://vuxml.freebsd.org/freebsd/85e2c7eb-b74b-11e7-8546-5cf3fcfdd1f1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3484e00c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:irssi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"irssi<1.0.5,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:58:37", "bulletinFamily": "scanner", "description": "New irssi packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.", "modified": "2018-01-26T00:00:00", "published": "2017-10-26T00:00:00", "id": "SLACKWARE_SSA_2017-298-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=104146", "title": "Slackware 14.0 / 14.1 / 14.2 / current : irssi (SSA:2017-298-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-298-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104146);\n script_version(\"$Revision: 3.2 $\");\n script_cvs_date(\"$Date: 2018/01/26 17:57:43 $\");\n\n script_cve_id(\"CVE-2017-15227\", \"CVE-2017-15228\", \"CVE-2017-15721\", \"CVE-2017-15722\", \"CVE-2017-15723\");\n script_xref(name:\"SSA\", value:\"2017-298-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : irssi (SSA:2017-298-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New irssi packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.439610\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aef29d58\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected irssi package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:irssi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"irssi\", pkgver:\"1.0.5\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"irssi\", pkgver:\"1.0.5\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"irssi\", pkgver:\"1.0.5\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"irssi\", pkgver:\"1.0.5\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"irssi\", pkgver:\"1.0.5\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"irssi\", pkgver:\"1.0.5\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"irssi\", pkgver:\"1.0.5\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"irssi\", pkgver:\"1.0.5\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:33:37", "bulletinFamily": "scanner", "description": "Brian Carpenter discovered that Irssi incorrectly handled messages with invalid time stamps. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service.\n(CVE-2017-10965)\n\nBrian Carpenter discovered that Irssi incorrectly handled the internal nick list. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-10966)\n\nJoseph Bisch discovered that Irssi incorrectly removed destroyed channels from the query list. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service.\n(CVE-2017-15227)\n\nHanno Bock discovered that Irssi incorrectly handled themes. If a user were tricked into using a malicious theme, a attacker could use this issue to cause Irssi to crash, resulting in a denial of service.\n(CVE-2017-15228)\n\nJoseph Bisch discovered that Irssi incorrectly handled certain DCC CTCP messages. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15721)\n\nJoseph Bisch discovered that Irssi incorrectly handled certain channel IDs. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15722)\n\nJoseph Bisch discovered that Irssi incorrectly handled certain long nicks or targets. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15723).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-3465-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=104212", "published": "2017-10-27T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : irssi vulnerabilities (USN-3465-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3465-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104212);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2018/12/01 15:12:41\");\n\n script_cve_id(\"CVE-2017-10965\", \"CVE-2017-10966\", \"CVE-2017-15227\", \"CVE-2017-15228\", \"CVE-2017-15721\", \"CVE-2017-15722\", \"CVE-2017-15723\");\n script_xref(name:\"USN\", value:\"3465-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : irssi vulnerabilities (USN-3465-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Brian Carpenter discovered that Irssi incorrectly handled messages\nwith invalid time stamps. A malicious IRC server could use this issue\nto cause Irssi to crash, resulting in a denial of service.\n(CVE-2017-10965)\n\nBrian Carpenter discovered that Irssi incorrectly handled the internal\nnick list. A malicious IRC server could use this issue to cause Irssi\nto crash, resulting in a denial of service. (CVE-2017-10966)\n\nJoseph Bisch discovered that Irssi incorrectly removed destroyed\nchannels from the query list. A malicious IRC server could use this\nissue to cause Irssi to crash, resulting in a denial of service.\n(CVE-2017-15227)\n\nHanno Bock discovered that Irssi incorrectly handled themes. If a\nuser were tricked into using a malicious theme, a attacker could use\nthis issue to cause Irssi to crash, resulting in a denial of service.\n(CVE-2017-15228)\n\nJoseph Bisch discovered that Irssi incorrectly handled certain DCC\nCTCP messages. A malicious IRC server could use this issue to cause\nIrssi to crash, resulting in a denial of service. (CVE-2017-15721)\n\nJoseph Bisch discovered that Irssi incorrectly handled certain channel\nIDs. A malicious IRC server could use this issue to cause Irssi to\ncrash, resulting in a denial of service. (CVE-2017-15722)\n\nJoseph Bisch discovered that Irssi incorrectly handled certain long\nnicks or targets. A malicious IRC server could use this issue to cause\nIrssi to crash, resulting in a denial of service. (CVE-2017-15723).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3465-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected irssi package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:irssi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04|16\\.04|17\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"irssi\", pkgver:\"0.8.15-5ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"irssi\", pkgver:\"0.8.19-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"irssi\", pkgver:\"0.8.20-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"irssi\", pkgver:\"1.0.4-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irssi\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:34:41", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client, which may lead to denial of service or other unspecified impact.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 0.8.15-5+deb7u4.\n\nWe recommend that you upgrade your irssi packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-07-09T00:00:00", "id": "DEBIAN_DLA-1217.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=105424", "published": "2017-12-26T00:00:00", "title": "Debian DLA-1217-1 : irssi security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1217-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105424);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/07/09 12:26:58\");\n\n script_cve_id(\"CVE-2017-15227\", \"CVE-2017-15228\", \"CVE-2017-15721\", \"CVE-2017-15722\", \"CVE-2017-5193\", \"CVE-2017-5194\", \"CVE-2017-5356\");\n\n script_name(english:\"Debian DLA-1217-1 : irssi security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in Irssi, a terminal\nbased IRC client, which may lead to denial of service or other\nunspecified impact.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n0.8.15-5+deb7u4.\n\nWe recommend that you upgrade your irssi packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/irssi\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected irssi, and irssi-dev packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:irssi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:irssi-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"irssi\", reference:\"0.8.15-5+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"irssi-dev\", reference:\"0.8.15-5+deb7u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:33:50", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2017-10965 Brian 'geeknik' Carpenter of Geeknik Labs discovered that Irssi does not properly handle receiving messages with invalid time stamps. A malicious IRC server can take advantage of this flaw to cause Irssi to crash, resulting in a denial of service.\n\n - CVE-2017-10966 Brian 'geeknik' Carpenter of Geeknik Labs discovered that Irssi is susceptible to a use-after-free flaw triggered while updating the internal nick list. A malicious IRC server can take advantage of this flaw to cause Irssi to crash, resulting in a denial of service.\n\n - CVE-2017-15227 Joseph Bisch discovered that while waiting for the channel synchronisation, Irssi may incorrectly fail to remove destroyed channels from the query list, resulting in use after free conditions when updating the state later on. A malicious IRC server can take advantage of this flaw to cause Irssi to crash, resulting in a denial of service.\n\n - CVE-2017-15228 Hanno Boeck reported that Irssi does not properly handle installing themes with unterminated colour formatting sequences, leading to a denial of service if a user is tricked into installing a specially crafted theme.\n\n - CVE-2017-15721 Joseph Bisch discovered that Irssi does not properly handle incorrectly formatted DCC CTCP messages. A remote attacker can take advantage of this flaw to cause Irssi to crash, resulting in a denial of service.\n\n - CVE-2017-15722 Joseph Bisch discovered that Irssi does not properly verify Safe channel IDs. A malicious IRC server can take advantage of this flaw to cause Irssi to crash, resulting in a denial of service.\n\n - CVE-2017-15723 Joseph Bisch reported that Irssi does not properly handle overlong nicks or targets resulting in a NULL pointer dereference when splitting the message and leading to a denial of service.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-4016.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=104400", "published": "2017-11-06T00:00:00", "title": "Debian DSA-4016-1 : irssi - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4016. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104400);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:38\");\n\n script_cve_id(\"CVE-2017-10965\", \"CVE-2017-10966\", \"CVE-2017-15227\", \"CVE-2017-15228\", \"CVE-2017-15721\", \"CVE-2017-15722\", \"CVE-2017-15723\");\n script_xref(name:\"DSA\", value:\"4016\");\n\n script_name(english:\"Debian DSA-4016-1 : irssi - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in Irssi, a terminal\nbased IRC client. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2017-10965\n Brian 'geeknik' Carpenter of Geeknik Labs discovered\n that Irssi does not properly handle receiving messages\n with invalid time stamps. A malicious IRC server can\n take advantage of this flaw to cause Irssi to crash,\n resulting in a denial of service.\n\n - CVE-2017-10966\n Brian 'geeknik' Carpenter of Geeknik Labs discovered\n that Irssi is susceptible to a use-after-free flaw\n triggered while updating the internal nick list. A\n malicious IRC server can take advantage of this flaw to\n cause Irssi to crash, resulting in a denial of service.\n\n - CVE-2017-15227\n Joseph Bisch discovered that while waiting for the\n channel synchronisation, Irssi may incorrectly fail to\n remove destroyed channels from the query list, resulting\n in use after free conditions when updating the state\n later on. A malicious IRC server can take advantage of\n this flaw to cause Irssi to crash, resulting in a denial\n of service.\n\n - CVE-2017-15228\n Hanno Boeck reported that Irssi does not properly handle\n installing themes with unterminated colour formatting\n sequences, leading to a denial of service if a user is\n tricked into installing a specially crafted theme.\n\n - CVE-2017-15721\n Joseph Bisch discovered that Irssi does not properly\n handle incorrectly formatted DCC CTCP messages. A remote\n attacker can take advantage of this flaw to cause Irssi\n to crash, resulting in a denial of service.\n\n - CVE-2017-15722\n Joseph Bisch discovered that Irssi does not properly\n verify Safe channel IDs. A malicious IRC server can take\n advantage of this flaw to cause Irssi to crash,\n resulting in a denial of service.\n\n - CVE-2017-15723\n Joseph Bisch reported that Irssi does not properly\n handle overlong nicks or targets resulting in a NULL\n pointer dereference when splitting the message and\n leading to a denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-15227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-15228\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-15721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-15722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-15723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/irssi\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/irssi\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-4016\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the irssi packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 0.8.17-1+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1.0.2-1+deb9u3. CVE-2017-10965 and CVE-2017-10966 were\nalready fixed in an earlier point release.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:irssi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"irssi\", reference:\"0.8.17-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"irssi-dbg\", reference:\"0.8.17-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"irssi-dev\", reference:\"0.8.17-1+deb8u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"irssi\", reference:\"1.0.2-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"irssi-dev\", reference:\"1.0.2-1+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:07", "bulletinFamily": "unix", "description": "\nIrssi reports:\n\nWhen installing themes with unterminated colour formatting\n\t sequences, Irssi may access data beyond the end of the string.\nWhile waiting for the channel synchronisation, Irssi may\n\t incorrectly fail to remove destroyed channels from the query list,\n\t resulting in use after free conditions when updating the state later\n\t on.\nCertain incorrectly formatted DCC CTCP messages could cause NULL\n\t pointer dereference.\nOverlong nicks or targets may result in a NULL pointer dereference\n\t while splitting the message.\nIn certain cases Irssi may fail to verify that a Safe channel ID\n\t is long enough, causing reads beyond the end of the string.\n\n", "modified": "2017-12-31T00:00:00", "published": "2017-10-10T00:00:00", "id": "85E2C7EB-B74B-11E7-8546-5CF3FCFDD1F1", "href": "https://vuxml.freebsd.org/freebsd/85e2c7eb-b74b-11e7-8546-5cf3fcfdd1f1.html", "title": "irssi -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:53", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities have been discovered in Irssi, a terminal based\nIRC client. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2017-10965Brian geeknik\nCarpenter of Geeknik Labs discovered that Irssi does\nnot properly handle receiving messages with invalid time stamps. A\nmalicious IRC server can take advantage of this flaw to cause Irssi\nto crash, resulting in a denial of service.\n\nCVE-2017-10966Brian geeknik\nCarpenter of Geeknik Labs discovered that Irssi is\nsusceptible to a use-after-free flaw triggered while updating the\ninternal nick list. A malicious IRC server can take advantage of\nthis flaw to cause Irssi to crash, resulting in a denial of service.\n\nCVE-2017-15227\nJoseph Bisch discovered that while waiting for the channel\nsynchronisation, Irssi may incorrectly fail to remove destroyed\nchannels from the query list, resulting in use after free conditions\nwhen updating the state later on. A malicious IRC server can take\nadvantage of this flaw to cause Irssi to crash, resulting in a\ndenial of service.\n\nCVE-2017-15228\nHanno Boeck reported that Irssi does not properly handle installing\nthemes with unterminated colour formatting sequences, leading to a\ndenial of service if a user is tricked into installing a specially\ncrafted theme.\n\nCVE-2017-15721\nJoseph Bisch discovered that Irssi does not properly handle\nincorrectly formatted DCC CTCP messages. A remote attacker can take\nadvantage of this flaw to cause Irssi to crash, resulting in a\ndenial of service.\n\nCVE-2017-15722\nJoseph Bisch discovered that Irssi does not properly verify Safe\nchannel IDs. A malicious IRC server can take advantage of this flaw\nto cause Irssi to crash, resulting in a denial of service.\n\nCVE-2017-15723\nJoseph Bisch reported that Irssi does not properly handle overlong\nnicks or targets resulting in a NULL pointer dereference when\nsplitting the message and leading to a denial of service.", "modified": "2019-03-18T00:00:00", "published": "2017-11-03T00:00:00", "id": "OPENVAS:1361412562310704016", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704016", "title": "Debian Security Advisory DSA 4016-1 (irssi - security update)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_4016.nasl 14284 2019-03-18 15:02:15Z cfischer $\n#\n# Auto-generated from advisory DSA 4016-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704016\");\n script_version(\"$Revision: 14284 $\");\n script_cve_id(\"CVE-2017-10965\", \"CVE-2017-10966\", \"CVE-2017-15227\", \"CVE-2017-15228\", \"CVE-2017-15721\", \"CVE-2017-15722\", \"CVE-2017-15723\");\n script_name(\"Debian Security Advisory DSA 4016-1 (irssi - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 16:02:15 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-03 00:00:00 +0100 (Fri, 03 Nov 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2017/dsa-4016.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"irssi on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 0.8.17-1+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.0.2-1+deb9u3. CVE-2017-10965 and CVE-2017-10966\nwere already\nfixed in an earlier point release.\n\nWe recommend that you upgrade your irssi packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in Irssi, a terminal based\nIRC client. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2017-10965Brian geeknik\nCarpenter of Geeknik Labs discovered that Irssi does\nnot properly handle receiving messages with invalid time stamps. A\nmalicious IRC server can take advantage of this flaw to cause Irssi\nto crash, resulting in a denial of service.\n\nCVE-2017-10966Brian geeknik\nCarpenter of Geeknik Labs discovered that Irssi is\nsusceptible to a use-after-free flaw triggered while updating the\ninternal nick list. A malicious IRC server can take advantage of\nthis flaw to cause Irssi to crash, resulting in a denial of service.\n\nCVE-2017-15227\nJoseph Bisch discovered that while waiting for the channel\nsynchronisation, Irssi may incorrectly fail to remove destroyed\nchannels from the query list, resulting in use after free conditions\nwhen updating the state later on. A malicious IRC server can take\nadvantage of this flaw to cause Irssi to crash, resulting in a\ndenial of service.\n\nCVE-2017-15228\nHanno Boeck reported that Irssi does not properly handle installing\nthemes with unterminated colour formatting sequences, leading to a\ndenial of service if a user is tricked into installing a specially\ncrafted theme.\n\nCVE-2017-15721\nJoseph Bisch discovered that Irssi does not properly handle\nincorrectly formatted DCC CTCP messages. A remote attacker can take\nadvantage of this flaw to cause Irssi to crash, resulting in a\ndenial of service.\n\nCVE-2017-15722\nJoseph Bisch discovered that Irssi does not properly verify Safe\nchannel IDs. A malicious IRC server can take advantage of this flaw\nto cause Irssi to crash, resulting in a denial of service.\n\nCVE-2017-15723\nJoseph Bisch reported that Irssi does not properly handle overlong\nnicks or targets resulting in a NULL pointer dereference when\nsplitting the message and leading to a denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"irssi\", ver:\"1.0.2-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"1.0.2-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.17-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"irssi-dbg\", ver:\"0.8.17-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.17-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:51", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-10-27T00:00:00", "id": "OPENVAS:1361412562310843350", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843350", "title": "Ubuntu Update for irssi USN-3465-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3465_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for irssi USN-3465-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843350\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-27 14:32:10 +0200 (Fri, 27 Oct 2017)\");\n script_cve_id(\"CVE-2017-10965\", \"CVE-2017-10966\", \"CVE-2017-15227\", \"CVE-2017-15228\",\n \"CVE-2017-15721\", \"CVE-2017-15722\", \"CVE-2017-15723\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for irssi USN-3465-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'irssi'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Brian Carpenter discovered that Irssi\n incorrectly handled messages with invalid time stamps. A malicious IRC server\n could use this issue to cause Irssi to crash, resulting in a denial of service.\n (CVE-2017-10965) Brian Carpenter discovered that Irssi incorrectly handled the\n internal nick list. A malicious IRC server could use this issue to cause Irssi\n to crash, resulting in a denial of service. (CVE-2017-10966) Joseph Bisch\n discovered that Irssi incorrectly removed destroyed channels from the query\n list. A malicious IRC server could use this issue to cause Irssi to crash,\n resulting in a denial of service. (CVE-2017-15227) Hanno Bck discovered that\n Irssi incorrectly handled themes. If a user were tricked into using a malicious\n theme, a attacker could use this issue to cause Irssi to crash, resulting in a\n denial of service. (CVE-2017-15228) Joseph Bisch discovered that Irssi\n incorrectly handled certain DCC CTCP messages. A malicious IRC server could use\n this issue to cause Irssi to crash, resulting in a denial of service.\n (CVE-2017-15721) Joseph Bisch discovered that Irssi incorrectly handled certain\n channel IDs. A malicious IRC server could use this issue to cause Irssi to\n crash, resulting in a denial of service. (CVE-2017-15722) Joseph Bisch\n discovered that Irssi incorrectly handled certain long nicks or targets. A\n malicious IRC server could use this issue to cause Irssi to crash, resulting in\n a denial of service. (CVE-2017-15723)\");\n script_tag(name:\"affected\", value:\"irssi on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3465-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3465-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.15-5ubuntu3.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.20-2ubuntu2.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.19-1ubuntu1.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:29", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4016-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nNovember 03, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : irssi\nCVE ID : CVE-2017-10965 CVE-2017-10966 CVE-2017-15227 CVE-2017-15228\n CVE-2017-15721 CVE-2017-15722 CVE-2017-15723\nDebian Bug : 867598 879521\n\nMultiple vulnerabilities have been discovered in Irssi, a terminal based\nIRC client. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2017-10965\n\n Brian &#x27;geeknik&#x27; Carpenter of Geeknik Labs discovered that Irssi does\n not properly handle receiving messages with invalid time stamps. A\n malicious IRC server can take advantage of this flaw to cause Irssi\n to crash, resulting in a denial of service.\n\nCVE-2017-10966\n\n Brian &#x27;geeknik&#x27; Carpenter of Geeknik Labs discovered that Irssi is\n susceptible to a use-after-free flaw triggered while updating the\n internal nick list. A malicious IRC server can take advantage of\n this flaw to cause Irssi to crash, resulting in a denial of service.\n\nCVE-2017-15227\n\n Joseph Bisch discovered that while waiting for the channel\n synchronisation, Irssi may incorrectly fail to remove destroyed\n channels from the query list, resulting in use after free conditions\n when updating the state later on. A malicious IRC server can take\n advantage of this flaw to cause Irssi to crash, resulting in a\n denial of service.\n\nCVE-2017-15228\n\n Hanno Boeck reported that Irssi does not properly handle installing\n themes with unterminated colour formatting sequences, leading to a\n denial of service if a user is tricked into installing a specially\n crafted theme.\n\nCVE-2017-15721\n\n Joseph Bisch discovered that Irssi does not properly handle\n incorrectly formatted DCC CTCP messages. A malicious IRC server can\n take advantage of this flaw to cause Irssi to crash, resulting in a\n denial of service.\n\nCVE-2017-15722\n\n Joseph Bisch discovered that Irssi does not properly verify Safe\n channel IDs. A malicious IRC server can take advantage of this flaw\n to cause Irssi to crash, resulting in a denial of service.\n\nCVE-2017-15723\n\n Joseph Bisch reported that Irssi does not properly handle overlong\n nicks or targets resulting in a NULL pointer dereference when\n splitting the message and leading to a denial of service.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 0.8.17-1+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.0.2-1+deb9u3. CVE-2017-10965 and CVE-2017-10966 were already\nfixed in an earlier point release.\n\nWe recommend that you upgrade your irssi packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2017-11-03T19:51:52", "published": "2017-11-03T19:51:52", "id": "DEBIAN:DSA-4016-1:AC5F8", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00278.html", "title": "[SECURITY] [DSA 4016-1] irssi security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:25", "bulletinFamily": "unix", "description": "Package : irssi\nVersion : 0.8.15-5+deb7u4\nCVE ID : CVE-2017-5193 CVE-2017-5194 CVE-2017-5356 CVE-2017-15227\n CVE-2017-15228 CVE-2017-15721 CVE-2017-15722\nDebian Bug : 879521\n\nMultiple vulnerabilities have been discovered in Irssi, a terminal based\nIRC client, which may lead to denial of service or other unspecified\nimpact.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n0.8.15-5+deb7u4.\n\nWe recommend that you upgrade your irssi packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2017-12-23T13:17:24", "published": "2017-12-23T13:17:24", "id": "DEBIAN:DLA-1217-1:DD52D", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201712/msg00022.html", "title": "[SECURITY] [DLA 1217-1] irssi security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:24", "bulletinFamily": "unix", "description": "Brian Carpenter discovered that Irssi incorrectly handled messages with invalid time stamps. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-10965)\n\nBrian Carpenter discovered that Irssi incorrectly handled the internal nick list. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-10966)\n\nJoseph Bisch discovered that Irssi incorrectly removed destroyed channels from the query list. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15227)\n\nHanno B\u00c3\u00b6ck discovered that Irssi incorrectly handled themes. If a user were tricked into using a malicious theme, a attacker could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15228)\n\nJoseph Bisch discovered that Irssi incorrectly handled certain DCC CTCP messages. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15721)\n\nJoseph Bisch discovered that Irssi incorrectly handled certain channel IDs. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15722)\n\nJoseph Bisch discovered that Irssi incorrectly handled certain long nicks or targets. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15723)", "modified": "2017-10-26T00:00:00", "published": "2017-10-26T00:00:00", "id": "USN-3465-1", "href": "https://usn.ubuntu.com/3465-1/", "title": "Irssi vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}