atheme-services -- multiple vulnerabilities

2016-01-09T00:00:00
ID E47AB5DB-C333-11E6-AE1B-002590263BF5
Type freebsd
Reporter FreeBSD
Modified 2016-01-09T00:00:00

Description

Mitre reports:

modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.

Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.