8 matches found
CVE-2007-4409
CVE-2007-4409 describes a race condition in ircu versions 2.10.12.01–2.10.12.05 that can let remote attackers gain an Apass during a netburst by pre-granting ops privileges before the mode arrives. This is a privilege-change vulnerability in the IRC server component. Impact: potential privilege e...
CVE-2007-4406
CVE-2007-4406 affects ircu 2.10.12.01 through 2.10.12.04. The issue arises because ops privilege is not removed after a join from a server with an older timestamp, enabling remote attackers to gain control of a channel during a split. The available sources confirm the vulnerability details and af...
CVE-2007-4407
CVE-2007-4407 affects ircu versions 2.10.12.03 and 2.10.12.04. The flaw does not associate a timestamp with ops privilege on an unused channel (zannel), enabling remote attackers to manipulate channel modes via a netriding attack or to take over a channel by joining an unlinked server with A/Upas...
CVE-2007-4410
Affected software: ircu (IRC daemon) versions 2.10.12.05 and earlier. Issue: a synchronization flaw in handling kick actions in certain cross scenarios. Root cause: kick actions are not properly synchronized, enabling remote authenticated operators to block or override subsequent kick or de-op ac...
CVE-2007-4405
CVE-2007-4405 affects ircu 2.10.12.02 through 2.10.12.04. The issue allows remote attackers to cause a denial of service by creating a large number of unused channels (zannels), consuming memory and bandwidth. All other details, including a confirmed remediation or patch version, are not provided...
CVE-2007-4404
CVE-2007-4404 affects ircu 2.10.12.01. The issue permits remote denial-of-service via: (1) protocol violation when joining two channels with long names differing in the final character (flood wallops); (2) a daemon crash triggered by a "J 0:#channel" message on a channel without an apass; and (3)...
CVE-2007-4408
CVE-2007-4408 affects ircu 2.10.12.05 and earlier. The issue is that ircu ignores timestamps in bounces, enabling remote attackers to take over a channel during a netjoin by causing a bounce while a server with an older version of the channel is linking. The connected documents confirm the affect...
CVE-2007-4411
CVE-2007-4411 affects ircu 2.10.12.05 and earlier. The issue allows remote attackers to reveal the hidden IP address of arbitrary +x users by issuing a sequence of /silence commands using either (1) CIDR mask arguments or (2) other arguments that map to IP groups, and then observing CTCP ping rep...