FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-4016

This CVE name corresponds to:

Entered Topic
2010-01-28 irc-ratbox -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2009-4016
Phase Assigned(20091119)

Description

Integer underflow in the clean_string function in irc_string.c in (1) IRCD-hybrid 7.2.2 and 7.2.3, (2) ircd-ratbox before 2.2.9, and (3) oftc-hybrid before 1.6.8, when flatten_links is disabled, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a LINKS command.

References

Source Reference
MLIST [ircd-ratbox] 20100125 ircd-ratbox-2.2.9 released
CONFIRM http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1.diff.gz
CONFIRM http://svn.ircd-hybrid.org:8000/viewcvs.cgi?rev=1044&view=rev
CONFIRM http://trac.oftc.net/projects/oftc-hybrid/browser/tags/oftc-hybrid-1.6.8/RELNOTES
DEBIAN DSA-1980
BID 37978
SECUNIA 38210
SECUNIA 38381
SECUNIA 38382
SECUNIA 38383