206 matches found
Authentication flaw
The msasl module in InspIRCd before 2.0.23, when used with a service that supports SASLEXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message...
UBUNTU-CVE-2016-7142
The msasl module in InspIRCd before 2.0.23, when used with a service that supports SASLEXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message...
CVE-2016-7142
The msasl module in InspIRCd before 2.0.23, when used with a service that supports SASLEXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message...
CVE-2016-7142
CVE-2016-7142 describes an authentication spoofing flaw in the InspIRCd m_sasl module prior to 2.0.23 when used with a SASL_EXTERNAL service. A remote attacker can craft a SASL message to spoof certificate fingerprints and log in as another user. Multiple connected sources (OSV entries and NVD) c...
CVE-2016-7142
The msasl module in InspIRCd before 2.0.23, when used with a service that supports SASLEXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message...
CVE-2016-7142
The msasl module in InspIRCd before 2.0.23, when used with a service that supports SASLEXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message...
Debian DSA-3662-1 : inspircd - security update
It was discovered that incorrect SASL authentication in the Inspircd IRC server may lead to users impersonating other users. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3662. The text...
[SECURITY] [DSA 3662-1] inspircd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3662-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 08, 2016 https://www.debian.org/security/faq -...
PT-2016-7233 · Inspircd +2 · Inspircd +2
Name of the Vulnerable Software and Affected Versions: InspIRCd versions prior to 2.0.23 Description: The issue allows remote attackers to spoof certificate fingerprints, enabling them to log in as another user by sending a crafted SASL message when the m sasl module is used with a service that...
Debian Security Advisory DSA 3662-1 (inspircd - security update)
It was discovered that incorrect SASL authentication in the Inspircd IRC server may lead to users impersonating other users. OpenVAS Vulnerability Test $Id: deb3662.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3662-1 using nvtgen 1.0 Script version: 1.0 Author:...
DSA-3662-1 inspircd - security update
Bulletin has no description...
FreeBSD : inspircd -- authentication bypass vulnerability (70c85c93-743c-11e6-a590-14dae9d210b8)
Adam reports : A serious vulnerability exists in when using msasl in combination with any services that support SASL EXTERNAL. To be vulnerable you must have msasl loaded, and have services which support SASL EXTERNAL authentication. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
Debian: Security Advisory (DSA-3662-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Inspircd SSL Certificate Spoofing Vulnerability
InspIRCd is an extensible and modular Internet Relay Chat IRC server written in C++ for Linux, BSD, Windows and Mac OS X systems. Inspircd suffers from a security vulnerability. An attacker can exploit this vulnerability to spoof valid certificates...
inspircd -- authentication bypass vulnerability
Adam reports: A serious vulnerability exists in when using msasl in combination with any services that support SASL EXTERNAL. To be vulnerable you must have msasl loaded, and have services which support SASL EXTERNAL authentication...
CVE-2015-8702
The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service netsplit via an invalid character in a PTR response, as demonstrated by a "\032" whitespace character in a hostname...
CVE-2015-8702
The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service netsplit via an invalid character in a PTR response, as demonstrated by a "\032" whitespace character in a hostname...
DEBIAN-CVE-2015-8702
The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service netsplit via an invalid character in a PTR response, as demonstrated by a "\032" whitespace character in a hostname...
UBUNTU-CVE-2015-8702
The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service netsplit via an invalid character in a PTR response, as demonstrated by a "\032" whitespace character in a hostname...
Default credentials
The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service netsplit via an invalid character in a PTR response, as demonstrated by a "\032" whitespace character in a hostname...