Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unrealircd | unrealircd | 3.2.6 |
| unrealircd | unrealircd | 3.2 |
| unrealircd | unrealircd | 3.2.7 |
| unrealircd | unrealircd | 3.2.1 |
| unrealircd | unrealircd | 3.2.3 |
| unrealircd | unrealircd | 3.2.5 |
| unrealircd | unrealircd | 3.2.8 |
| unrealircd | unrealircd | 3.2.2 |
| unrealircd | unrealircd | 3.2.4 |
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unrealircd | unrealircd | 3.2.8.1 |
Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7384 was assigned for the NULL pointer dereference.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unrealircd | unrealircd | 3.2.10.1 |
| unrealircd | unrealircd | 3.2.10 |
UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unrealircd | unrealircd | 3.2.10.1 |
| unrealircd | unrealircd | 3.2.10 |
The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unrealircd | unrealircd | 4.0.3 |
| unrealircd | unrealircd | * |
| unrealircd | unrealircd | 4.0.0 |
| unrealircd | unrealircd | 4.0.1 |
| unrealircd | unrealircd | 4.0.2 |
| unrealircd | unrealircd | 4.0.3.1 |
| unrealircd | unrealircd | 4.0.5 |
| unrealircd | unrealircd | 4.0.4 |
UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command.
CVSS 2.0
Severity: LOW
Problem Type: CWE-665,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unrealircd | unrealircd | * |
A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unrealircd | unrealircd | * |