FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

irssi -- multiple vulnerabilities

Affected packages
irssi < 0.8.15
zh-irssi < 0.8.15
irssi-devel < 20100325

Details

VuXML ID 3b7967f1-49e8-11df-83fb-0015587e2cc1
Discovery 2010-04-16
Entry 2010-04-19

Two vulnerabilities have found in irssi. The first issue could allow man-in-the-middle attacks due to a missing comparison of SSL server hostnames and the certificate domain names (e.g. CN).

A second vulnerability, related to the nick matching code, could be triggered by remote attackers in order to crash an irssi client when leaving a channel.

References

CVE Name CVE-2010-1155
CVE Name CVE-2010-1156
URL http://xforce.iss.net/xforce/xfdb/57790
URL http://xforce.iss.net/xforce/xfdb/57791