IRCD RatBox Pending Connections Denial Of Service Vulnerability
TITLE: IRCD RatBox Pending Connections Denial Of Service Vulnerability
CLASS: Failure to Handle Exceptional Conditions
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: May 18 2007 12:00AM
UPDATE: May 18 2007 07:48PM
CREDIT: The vendor disclosed this issue.
VULNERABLE:
OpenPKG OpenPKG E1.0-SolidNOT VULNERABLE:
OpenPKG OpenPKG Current
ircd-ratbox ircd-ratbox 2.2.5
ircd-ratbox ircd-ratbox 2.0 rc7
ircd-ratbox ircd-ratbox 2.0 rc6
ircd-ratbox ircd-ratbox 1.5.2
ircd-ratbox ircd-ratbox 1.5.1
ircd-ratbox ircd-ratbox 2.2.6
Vai alla pagina originale su Security Focus
Discussion
The 'ircd-ratbox' program is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to deny service to legitimate users.
Versions of ircd-ratbox prior to 2.2.6 are vulnerable.
Exploit
An attacker can exploit this issue using readily available packet-crafting utilities.
Solution
Solution:
The vendor has released version 2.2.6 to address this issue. Please see the references for more information.
OpenPKG OpenPKG E1.0-Solid
- OpenPKG ratbox-2.2.3-E1.0.1.src.rpm
ftp://ftp.openpkg.org/release/E1.0/SRC/BASE/ratbox-2.2.3-E1.0.1.src.rpm
OpenPKG OpenPKG Current
- OpenPKG ratbox-2.2.6-20070515.src.rpm
ftp://ftp.openpkg.org/current/SRC/BASE/ratbox-2.2.6-20070515.src.rpm
ircd-ratbox ircd-ratbox 1.5.1
- ircd-ratbox ircd-ratbox-2.2.6.tgz
http://www.ircd-ratbox.org/download/ircd-ratbox-2.2.6.tgz
ircd-ratbox ircd-ratbox 1.5.2
- ircd-ratbox ircd-ratbox-2.2.6.tgz
http://www.ircd-ratbox.org/download/ircd-ratbox-2.2.6.tgz
ircd-ratbox ircd-ratbox 2.0 rc7
- ircd-ratbox ircd-ratbox-2.2.6.tgz
http://www.ircd-ratbox.org/download/ircd-ratbox-2.2.6.tgz
ircd-ratbox ircd-ratbox 2.0 rc6
- ircd-ratbox ircd-ratbox-2.2.6.tgz
http://www.ircd-ratbox.org/download/ircd-ratbox-2.2.6.tgz
ircd-ratbox ircd-ratbox 2.2.5
- ircd-ratbox ircd-ratbox-2.2.6.tgz
http://www.ircd-ratbox.org/download/ircd-ratbox-2.2.6.tgz
References
References:
- ircd-ratbox Home Page (ircd-ratbox)
- OpenPKG Security Advisory (ratbox) (OpenPKG)