InspIRCd: Denial of Service

2008-05-09T00:00:00
ID GLSA-200805-08
Type gentoo
Reporter Gentoo Foundation
Modified 2008-05-09T00:00:00

Description

Background

InspIRCd (Inspire IRCd) is a modular C++ IRC daemon.

Description

The "namesx" and "uhnames" modules do not properly validate network input, leading to a buffer overflow.

Impact

A remote attacker can send specially crafted IRC commands to the server, causing a Denial of Service.

Workaround

Unload the "uhnames" module in the InspIRCd configuration.

Resolution

All InspIRCd users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-irc/inspircd-1.1.19"