CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
96.7%
USN-929-1 fixed vulnerabilities in irssi. The upstream changes introduced a
regression when using irssi with SSL and an IRC proxy. This update fixes
the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that irssi did not perform certificate host validation
when using SSL connections. An attacker could exploit this to perform a man
in the middle attack to view sensitive information or alter encrypted
communications. (CVE-2010-1155)
Aurelien Delaitre discovered that irssi could be made to dereference a NULL
pointer when a user left the channel. A remote attacker could cause a
denial of service via application crash. (CVE-2010-1156)
This update also adds SSLv3 and TLSv1 support, while disabling the old,
insecure SSLv2 protocol.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.10 | noarch | irssi | < 0.8.14-1ubuntu1.2 | UNKNOWN |
Ubuntu | 9.10 | noarch | irssi-dev | < 0.8.14-1ubuntu1.2 | UNKNOWN |
Ubuntu | 9.04 | noarch | irssi | < 0.8.12-6ubuntu1.3 | UNKNOWN |
Ubuntu | 9.04 | noarch | irssi-dev | < 0.8.12-6ubuntu1.3 | UNKNOWN |
Ubuntu | 8.10 | noarch | irssi | < 0.8.12-4ubuntu2.3 | UNKNOWN |
Ubuntu | 8.10 | noarch | irssi-dev | < 0.8.12-4ubuntu2.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | irssi | < 0.8.12-3ubuntu3.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | irssi-dev | < 0.8.12-3ubuntu3.3 | UNKNOWN |