Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-929-2
HistoryApr 20, 2010 - 12:00 a.m.

irssi regression

2010-04-2000:00:00
ubuntu.com
48

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

0.254

Percentile

96.7%

JSON

Releases

  • Ubuntu 9.10
  • Ubuntu 9.04
  • Ubuntu 8.10
  • Ubuntu 8.04

Packages

  • irssi -

Details

USN-929-1 fixed vulnerabilities in irssi. The upstream changes introduced a
regression when using irssi with SSL and an IRC proxy. This update fixes
the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that irssi did not perform certificate host validation
when using SSL connections. An attacker could exploit this to perform a man
in the middle attack to view sensitive information or alter encrypted
communications. (CVE-2010-1155)

Aurelien Delaitre discovered that irssi could be made to dereference a NULL
pointer when a user left the channel. A remote attacker could cause a
denial of service via application crash. (CVE-2010-1156)

This update also adds SSLv3 and TLSv1 support, while disabling the old,
insecure SSLv2 protocol.

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchirssi< 0.8.14-1ubuntu1.2UNKNOWN
Ubuntu9.10noarchirssi-dev< 0.8.14-1ubuntu1.2UNKNOWN
Ubuntu9.04noarchirssi< 0.8.12-6ubuntu1.3UNKNOWN
Ubuntu9.04noarchirssi-dev< 0.8.12-6ubuntu1.3UNKNOWN
Ubuntu8.10noarchirssi< 0.8.12-4ubuntu2.3UNKNOWN
Ubuntu8.10noarchirssi-dev< 0.8.12-4ubuntu2.3UNKNOWN
Ubuntu8.04noarchirssi< 0.8.12-3ubuntu3.3UNKNOWN
Ubuntu8.04noarchirssi-dev< 0.8.12-3ubuntu3.3UNKNOWN

Related

openvas 14
securityvulns 2
nessus 9
freebsd 1
slackware 1
ubuntu 1
cvelist 2
cve 2
debiancve 2
ubuntucve 2
nvd 2
prion 2
osv 1
openvas
openvas
Fedora Update for irssi FEDORA-2010-6629
2010-05-17 00:00:00
Slackware: Security Advisory (SSA:2010-116-01)
2012-09-10 00:00:00
Ubuntu Update for irssi regression USN-929-2
2010-04-29 00:00:00
securityvulns
securityvulns
irssi multiple security vulnerabilities
2010-04-19 00:00:00
[USN-929-1] irssi vulnerabilities
2010-04-19 00:00:00
nessus
nessus
openSUSE Security Update : irssi (openSUSE-SU-2010:0183-1)
2010-04-30 00:00:00
Fedora 12 : irssi-0.8.15-1.fc12 (2010-6629)
2010-07-01 00:00:00
openSUSE Security Update : irssi (openSUSE-SU-2010:0183-1)
2010-04-30 00:00:00
freebsd
freebsd
irssi -- multiple vulnerabilities
2010-04-16 00:00:00
slackware
slackware
[slackware-security] irssi
2010-04-26 07:08:48
ubuntu
ubuntu
irssi vulnerabilities
2010-04-15 00:00:00
cvelist
cvelist
CVE-2010-1156
2010-04-16 19:00:00
CVE-2010-1155
2010-04-16 19:00:00
cve
cve
CVE-2010-1156
2010-04-16 19:30:00
CVE-2010-1155
2010-04-16 19:30:00
debiancve
debiancve
CVE-2010-1156
2010-04-16 19:30:00
CVE-2010-1155
2010-04-16 19:30:00
ubuntucve
ubuntucve
CVE-2010-1156
2010-04-14 00:00:00
CVE-2010-1155
2010-04-14 00:00:00
nvd
nvd
CVE-2010-1155
2010-04-16 19:30:00
CVE-2010-1156
2010-04-16 19:30:00
prion
prion
Null pointer dereference
2010-04-16 19:30:00
Code injection
2010-04-16 19:30:00
osv
osv
irssi-0.8.20-3.1 on GA media
2024-06-15 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

0.254

Percentile

96.7%

JSON
Related for USN-929-2
openvas14securityvulns2nessus9freebsd1slackware1ubuntu1cvelist2cve2debiancve2ubuntucve2nvd2prion2osv1