InspIRCd: Denial of Service — GLSA 200805-08

A buffer overflow in InspIRCd allows remote attackers to cause a Denial of Service.

Affected Packages

net-irc/inspircd on all architectures
Affected versions < 1.1.19
Unaffected versions >= 1.1.19

Background

InspIRCd (Inspire IRCd) is a modular C++ IRC daemon.

Description

The "namesx" and "uhnames" modules do not properly validate network input, leading to a buffer overflow.

Impact

A remote attacker can send specially crafted IRC commands to the server, causing a Denial of Service.

Workaround

Unload the "uhnames" module in the InspIRCd configuration.

Resolution

All InspIRCd users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-irc/inspircd-1.1.19"

References

Release Date
May 09, 2008

Latest Revision
May 09, 2008: 01

Severity
normal

Exploitable
remote

Bugzilla entries