Lucene search
Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-800-1.NASLHistoryJul 14, 2009 - 12:00 a.m.
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : irssi vulnerability (USN-800-1)
2009-07-1400:00:00
Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
It was discovered that irssi did not properly check the length of strings when processing WALLOPS messages. If a user connected to an IRC network where an attacker had IRC operator privileges, a remote attacker could cause a denial of service.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-800-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(39787);
script_version("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2009-1959");
script_bugtraq_id(35399);
script_xref(name:"USN", value:"800-1");
script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : irssi vulnerability (USN-800-1)");
script_summary(english:"Checks dpkg output for updated packages.");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Ubuntu host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"It was discovered that irssi did not properly check the length of
strings when processing WALLOPS messages. If a user connected to an
IRC network where an attacker had IRC operator privileges, a remote
attacker could cause a denial of service.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://usn.ubuntu.com/800-1/"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected irssi, irssi-dev and / or irssi-text packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(189);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:irssi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:irssi-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:irssi-text");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");
script_set_attribute(attribute:"patch_publication_date", value:"2009/07/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/14");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Ubuntu Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(6\.06|8\.04|8\.10|9\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 8.10 / 9.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
flag = 0;
if (ubuntu_check(osver:"6.06", pkgname:"irssi", pkgver:"0.8.10-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"irssi-dev", pkgver:"0.8.10-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"irssi-text", pkgver:"0.8.10-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"irssi", pkgver:"0.8.12-3ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"irssi-dev", pkgver:"0.8.12-3ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"irssi", pkgver:"0.8.12-4ubuntu2.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"irssi-dev", pkgver:"0.8.12-4ubuntu2.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"irssi", pkgver:"0.8.12-6ubuntu1.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"irssi-dev", pkgver:"0.8.12-6ubuntu1.1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "irssi / irssi-dev / irssi-text");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | irssi | p-cpe:/a:canonical:ubuntu_linux:irssi |
| canonical | ubuntu_linux | irssi-dev | p-cpe:/a:canonical:ubuntu_linux:irssi-dev |
| canonical | ubuntu_linux | irssi-text | p-cpe:/a:canonical:ubuntu_linux:irssi-text |
| canonical | ubuntu_linux | 6.06 | cpe:/o:canonical:ubuntu_linux:6.06:-:lts |
| canonical | ubuntu_linux | 8.04 | cpe:/o:canonical:ubuntu_linux:8.04:-:lts |
| canonical | ubuntu_linux | 8.10 | cpe:/o:canonical:ubuntu_linux:8.10 |
| canonical | ubuntu_linux | 9.04 | cpe:/o:canonical:ubuntu_linux:9.04 |
Related
securityvulns
securityvulns
irssi off-by-one buffer overflow
2009-06-17 00:00:00
[ MDVSA-2009:133 ] irssi
2009-06-17 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : irssi (MDVSA-2009:133-1)
2009-06-17 00:00:00
openSUSE Security Update : irssi (irssi-1004)
2009-07-21 00:00:00
openSUSE 10 Security Update : irssi (irssi-6304)
2009-06-17 00:00:00
prion
prion
Buffer overflow
2009-06-08 01:00:00
openvas
openvas
Fedora Update for irssi FEDORA-2010-6618
2010-06-25 00:00:00
Mandriva Security Advisory MDVSA-2009:133-1 (irssi)
2009-12-14 00:00:00
Irssi Off-by-one Read/Write DoS Vulnerability (Linux)
2009-06-19 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: irssi-0.8.15-1.fc11
2010-06-21 12:59:07
[SECURITY] Fedora 10 Update: irssi-0.8.13-3.fc10
2009-08-31 23:38:39
[SECURITY] Fedora 11 Update: irssi-0.8.13-3.fc11
2009-08-03 19:26:58
cve
cve
CVE-2009-1959
2009-06-08 01:00:00
ubuntucve
ubuntucve
CVE-2009-1959
2009-06-08 00:00:00
redhatcve
redhatcve
CVE-2009-1959
2019-10-04 21:44:02
ubuntu
ubuntu
irssi vulnerability
2009-07-13 00:00:00
gentoo
gentoo
irssi: Execution of arbitrary code
2009-09-12 00:00:00
debiancve
debiancve
CVE-2009-1959
2009-06-08 01:00:00
Related for UBUNTU_USN-800-1.NASL