Multiple Vendor IRC Daemon Debug Format String

critical Nessus Plugin ID 11783

Synopsis

The remote chat server is affected by a remote command execution vulnerability.

Description

The remote host is running a version of ircd that could be vulnerable to a format string attack.

An attacker could exploit this flaw to execute arbitrary code on this host, or simply to disable this service remotely.

Solution

Upgrade to one of the following IRC daemon versions:

andromede.net AndromedeIRCd 1.2.4

DALnet Bahamut IRCd 1.4.36

digatech digatech IRCd 1.2.2

methane methane IRCd 0.1.2

See Also

https://marc.info/?l=bugtraq&m=105665996104723&w=2

https://marc.info/?l=bugtraq&m=105673555726823&w=2

https://marc.info/?l=bugtraq&m=105673489525906&w=2

Plugin Details

Severity: Critical

ID: 11783

File Name: ircd_format_string.nasl

Version: 1.15

Type: remote

Published: 6/27/2003

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 6/26/2003

Reference Information

CVE: CVE-2003-0478

BID: 8038