Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201204-02
HistoryApr 10, 2012 - 12:00 a.m.

InspIRCd: Arbitrary code execution

2012-04-1000:00:00
Gentoo Foundation
security.gentoo.org
11

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.154 Low

EPSS

Percentile

95.9%

JSON

Background

InspIRCd (Inspire IRCd) is a modular C++ IRC daemon

Description

A vulnerability in InspIRCd allows DNS compression features to control the number of overflowed bytes sent to the heap-based buffer “res[]” in dns.cpp.

Impact

A remote attacker could send specially crafted DNS responses, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All InspIRCd users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-irc/inspircd-2.0.5-r1"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-irc/inspircd< 2.0.5-r1UNKNOWN

Related

nessus 5
debian 4
openvas 9
securityvulns 4
ubuntucve 3
freebsd 1
prion 3
debiancve 3
cve 3
osv 2
nessus
nessus
Debian DLA-276-1 : inspircd security update
2015-07-20 00:00:00
GLSA-201204-02 : InspIRCd: Arbitrary code execution
2012-06-21 00:00:00
FreeBSD : inspircd -- buffer overflow (f5f00804-a03b-11e1-a284-0023ae8e59f0)
2012-05-18 00:00:00
debian
debian
[SECURITY] [DSA 3226-1] inspircd security update
2015-04-15 15:42:18
[SECURITY] [DSA 2448-1] inspircd security update
2012-04-10 02:35:43
[SECURITY] [DLA 276-1] inspircd security update
2015-07-18 21:43:04
openvas
openvas
Debian: Security Advisory (DSA-2448-1)
2012-04-30 00:00:00
Debian Security Advisory DSA 2448-1 (inspircd)
2012-04-30 00:00:00
FreeBSD Ports: inspircd
2012-05-31 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3226-1] inspircd security update
2015-04-17 00:00:00
InspIRCd buffer overflow
2012-04-24 00:00:00
inspircd security vulnerabilities
2015-04-17 00:00:00
ubuntucve
ubuntucve
CVE-2012-1836
2012-03-22 00:00:00
CVE-2015-6674
2017-04-13 00:00:00
CVE-2012-6696
2017-09-25 00:00:00
freebsd
freebsd
inspircd -- buffer overflow
2012-03-19 00:00:00
prion
prion
Heap overflow
2012-03-22 03:28:00
Buffer overflow
2017-04-13 14:59:00
Design/Logic Flaw
2017-09-25 21:29:00
debiancve
debiancve
CVE-2012-1836
2012-03-22 03:28:00
CVE-2012-6696
2017-09-25 21:29:00
CVE-2015-6674
2017-04-13 14:59:00
cve
cve
CVE-2012-1836
2012-03-22 03:28:00
CVE-2015-6674
2017-04-13 14:59:00
CVE-2012-6696
2017-09-25 21:29:00
osv
osv
inspircd - security update
2015-07-18 00:00:00
inspircd - security update
2015-04-15 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.154 Low

EPSS

Percentile

95.9%

JSON
Related for GLSA-201204-02
nessus5debian4openvas9securityvulns4ubuntucve3freebsd1prion3debiancve3cve3osv2