CVE-2013-5580

2013-10-0119:55:09

Debian Security Bug Tracker

security-tracker.debian.org

ngircd

denial of service

conn_startlogin

cb_read_resolver_result

configuration option

noticeauth

assertion failure

server crash

remote attackers

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS

0.027

Percentile

90.7%

JSON

The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code for the Handle_Write function, which allows remote attackers to cause a denial of service (assertion failure and server crash) via unspecified vectors, related to a “notice auth” message not being sent to a new client.

OSVersionArchitecturePackageVersionFilename
Debian12allngircd< 26.1-1+deb12u1ngircd_26.1-1+deb12u1_all.deb
Debian11allngircd< 26.1-1+deb11u1ngircd_26.1-1+deb11u1_all.deb
Debian999allngircd< 27-2ngircd_27-2_all.deb
Debian13allngircd< 27-2ngircd_27-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	ngircd	< 26.1-1+deb12u1	ngircd_26.1-1+deb12u1_all.deb
Debian	11	all	ngircd	< 26.1-1+deb11u1	ngircd_26.1-1+deb11u1_all.deb
Debian	999	all	ngircd	< 27-2	ngircd_27-2_all.deb
Debian	13	all	ngircd	< 27-2	ngircd_27-2_all.deb