1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200801-13 / ngircd |
| Release Date | January 27, 2008 |
| Latest Revision | January 27, 2008: 02 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| net-irc/ngircd | < 0.10.4 | >= 0.10.4 | All supported architectures |
Related bugreports: #204834
ngIRCd does not properly sanitize commands sent by users, allowing for a Denial of Service.
ngIRCd is a free open source daemon for Internet Relay Chat (IRC).
The IRC_PART() function in the file irc-channel.c does not properly check the number of parameters, referencing an invalid pointer if no channel is supplied.
A remote attacker can exploit this vulnerability to crash the ngIRCd daemon.
There is no known workaround at this time.
All ngIRCd users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=net-irc/ngircd-0.10.4" |