Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200909-13
HistorySep 12, 2009 - 12:00 a.m.

irssi: Execution of arbitrary code

2009-09-1200:00:00
Gentoo Foundation
security.gentoo.org
11

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.058 Low

EPSS

Percentile

93.3%

JSON

Background

irssi is a modular textUI IRC client with IPv6 support.

Description

Nemo discovered an off-by-one error leading to a heap overflow in irssi’s event_wallops() parsing function.

Impact

A remote attacker might entice a user to connect to a malicious IRC server, use a man-in-the-middle attack to redirect a user to such a server or use ircop rights to send a specially crafted WALLOPS message, which might result in the execution of arbitrary code with the privileges of the user running irssi.

Workaround

There is no known workaround at this time.

Resolution

All irssi users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-irc/irssi-0.8.13-r1"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-irc/irssi< 0.8.13-r1UNKNOWN

Related

securityvulns 2
nessus 8
prion 1
openvas 21
fedora 3
cve 1
ubuntucve 1
ubuntu 1
redhatcve 1
debiancve 1
securityvulns
securityvulns
irssi off-by-one buffer overflow
2009-06-17 00:00:00
[ MDVSA-2009:133 ] irssi
2009-06-17 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : irssi (MDVSA-2009:133-1)
2009-06-17 00:00:00
openSUSE Security Update : irssi (irssi-1004)
2009-07-21 00:00:00
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : irssi vulnerability (USN-800-1)
2009-07-14 00:00:00
prion
prion
Buffer overflow
2009-06-08 01:00:00
openvas
openvas
Mandriva Security Advisory MDVSA-2009:133-1 (irssi)
2009-12-14 00:00:00
Fedora Update for irssi FEDORA-2010-6618
2010-06-25 00:00:00
Irssi Off-by-one Read/Write DoS Vulnerability (Linux)
2009-06-19 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: irssi-0.8.15-1.fc11
2010-06-21 12:59:07
[SECURITY] Fedora 10 Update: irssi-0.8.13-3.fc10
2009-08-31 23:38:39
[SECURITY] Fedora 11 Update: irssi-0.8.13-3.fc11
2009-08-03 19:26:58
cve
cve
CVE-2009-1959
2009-06-08 01:00:00
ubuntucve
ubuntucve
CVE-2009-1959
2009-06-08 00:00:00
ubuntu
ubuntu
irssi vulnerability
2009-07-13 00:00:00
redhatcve
redhatcve
CVE-2009-1959
2019-10-04 21:44:02
debiancve
debiancve
CVE-2009-1959
2009-06-08 01:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.058 Low

EPSS

Percentile

93.3%

JSON
Related for GLSA-200909-13
securityvulns2nessus8prion1openvas21fedora3cve1ubuntucve1ubuntu1redhatcve1debiancve1