Ircu
by Ircu
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-1501 | 0.03 | — | 0.05 | Mar 25, 2008 | The send_user_mode function in s_user.c in (1) Undernet ircu 2.10.12.12 and earlier, (2) snircd 1.3.4 and earlier, and unspecified other ircu derivatives allows remote attackers to cause a denial of service (daemon crash) via a malformed MODE command. | |||
| CVE-2007-4406 | 0.00 | — | 0.01 | Aug 18, 2007 | ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after a join from a server with an older timestamp (TS), which allows remote attackers to gain control of a channel during a split. | |||
| CVE-2007-4408 | 0.00 | — | 0.01 | Aug 18, 2007 | ircu 2.10.12.05 and earlier ignores timestamps in bounces, which allows remote attackers to take over a channel during a netjoin by causing a bounce while a server with an older version of the channel is linking. | |||
| CVE-2007-4405 | 0.00 | — | 0.02 | Aug 18, 2007 | ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by creating a large number of unused channels (zannels). | |||
| CVE-2007-4411 | 0.00 | — | 0.01 | Aug 18, 2007 | ircu 2.10.12.05 and earlier allows remote attackers to discover the hidden IP address of arbitrary +x users via a series of /silence commands with (1) CIDR mask arguments or (2) certain other arguments that represent groups of IP addresses, then monitoring CTCP ping replies. | |||
| CVE-2007-4404 | 0.00 | — | 0.02 | Aug 18, 2007 | ircu 2.10.12.01 allows remote attackers to (1) cause a denial of service (flood wallops) by joining two channels with certain long names that differ in the final character, which triggers a protocol violation and (2) cause a denial of service (daemon crash) via a "J 0:#channel"… | |||
| CVE-2007-4407 | 0.00 | — | 0.01 | Aug 18, 2007 | ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops privilege on an unused channel (zannel), which allows remote attackers to (1) set or remove certain channel modes via a "netriding" attack or (2) take over a channel by joining an unlinked server with the… | |||
| CVE-2007-4410 | 0.00 | — | 0.01 | Aug 18, 2007 | ircu 2.10.12.05 and earlier does not properly synchronize a kick action in certain cross scenarios, which allows remote authenticated operators to prevent later kick or de-op actions from non-local ops. | |||
| CVE-2007-4409 | 0.00 | — | 0.01 | Aug 18, 2007 | Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote attackers to set a new Apass during a netburst by arranging for ops privilege to be granted before the mode arrives. |
- CVE-2008-1501Mar 25, 2008risk 0.03cvss —epss 0.05
The send_user_mode function in s_user.c in (1) Undernet ircu 2.10.12.12 and earlier, (2) snircd 1.3.4 and earlier, and unspecified other ircu derivatives allows remote attackers to cause a denial of service (daemon crash) via a malformed MODE command.
- CVE-2007-4406Aug 18, 2007risk 0.00cvss —epss 0.01
ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after a join from a server with an older timestamp (TS), which allows remote attackers to gain control of a channel during a split.
- CVE-2007-4408Aug 18, 2007risk 0.00cvss —epss 0.01
ircu 2.10.12.05 and earlier ignores timestamps in bounces, which allows remote attackers to take over a channel during a netjoin by causing a bounce while a server with an older version of the channel is linking.
- CVE-2007-4405Aug 18, 2007risk 0.00cvss —epss 0.02
ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by creating a large number of unused channels (zannels).
- CVE-2007-4411Aug 18, 2007risk 0.00cvss —epss 0.01
ircu 2.10.12.05 and earlier allows remote attackers to discover the hidden IP address of arbitrary +x users via a series of /silence commands with (1) CIDR mask arguments or (2) certain other arguments that represent groups of IP addresses, then monitoring CTCP ping replies.
- CVE-2007-4404Aug 18, 2007risk 0.00cvss —epss 0.02
ircu 2.10.12.01 allows remote attackers to (1) cause a denial of service (flood wallops) by joining two channels with certain long names that differ in the final character, which triggers a protocol violation and (2) cause a denial of service (daemon crash) via a "J 0:#channel"…
- CVE-2007-4407Aug 18, 2007risk 0.00cvss —epss 0.01
ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops privilege on an unused channel (zannel), which allows remote attackers to (1) set or remove certain channel modes via a "netriding" attack or (2) take over a channel by joining an unlinked server with the…
- CVE-2007-4410Aug 18, 2007risk 0.00cvss —epss 0.01
ircu 2.10.12.05 and earlier does not properly synchronize a kick action in certain cross scenarios, which allows remote authenticated operators to prevent later kick or de-op actions from non-local ops.
- CVE-2007-4409Aug 18, 2007risk 0.00cvss —epss 0.01
Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote attackers to set a new Apass during a netburst by arranging for ops privilege to be granted before the mode arrives.