Vulnerabilites related to unrealircd - unrealircd
CVE-2013-6413 (GCVE-0-2013-6413)
Vulnerability from cvelistv5
Published
2014-05-19 14:00
Modified
2024-08-06 17:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7384 was assigned for the NULL pointer dereference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2013/q4/379 | mailing-list, x_refsource_MLIST | |
| http://forums.unrealircd.com/viewtopic.php?f=2&t=8221 | x_refsource_CONFIRM | |
| http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt | x_refsource_CONFIRM | |
| http://seclists.org/oss-sec/2013/q4/383 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
},
{
"name": "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/383"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7384 was assigned for the NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-19T13:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
},
{
"name": "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/383"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7384 was assigned for the NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"name": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221",
"refsource": "CONFIRM",
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"name": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt",
"refsource": "CONFIRM",
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
},
{
"name": "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/383"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-6413",
"datePublished": "2014-05-19T14:00:00",
"dateReserved": "2013-11-04T00:00:00",
"dateUpdated": "2024-08-06T17:39:01.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50784 (GCVE-0-2023-50784)
Vulnerability from cvelistv5
Published
2023-12-16 00:00
Modified
2024-08-02 22:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:23:43.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unrealircd.org/index/news"
},
{
"tags": [
"x_transferred"
],
"url": "https://forums.unrealircd.org/viewtopic.php?t=9340"
},
{
"name": "FEDORA-2023-41f41fbb69",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/"
},
{
"name": "FEDORA-2023-7c6c696102",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-26T03:06:13.346235",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.unrealircd.org/index/news"
},
{
"url": "https://forums.unrealircd.org/viewtopic.php?t=9340"
},
{
"name": "FEDORA-2023-41f41fbb69",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/"
},
{
"name": "FEDORA-2023-7c6c696102",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/"
}
],
"source": {
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50784",
"datePublished": "2023-12-16T00:00:00",
"dateReserved": "2023-12-14T00:00:00",
"dateUpdated": "2024-08-02T22:23:43.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13649 (GCVE-0-2017-13649)
Vulnerability from cvelistv5
Published
2017-08-23 21:00
Modified
2024-08-05 19:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.unrealircd.org/view.php?id=4990 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/100507 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:18.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.unrealircd.org/view.php?id=4990"
},
{
"name": "100507",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100507"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-29T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.unrealircd.org/view.php?id=4990"
},
{
"name": "100507",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100507"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.unrealircd.org/view.php?id=4990",
"refsource": "MISC",
"url": "https://bugs.unrealircd.org/view.php?id=4990"
},
{
"name": "100507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100507"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13649",
"datePublished": "2017-08-23T21:00:00",
"dateReserved": "2017-08-23T00:00:00",
"dateUpdated": "2024-08-05T19:05:18.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7144 (GCVE-0-2016-7144)
Vulnerability from cvelistv5
Published
2017-01-18 17:00
Modified
2024-08-06 01:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766 | x_refsource_CONFIRM | |
| https://forums.unrealircd.org/viewtopic.php?f=1&t=8588 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/92763 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/09/05/8 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/09/04/3 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://forums.unrealircd.org/viewtopic.php?f=1\u0026t=8588"
},
{
"name": "92763",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92763"
},
{
"name": "[oss-security] 20160905 Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/05/8"
},
{
"name": "[oss-security] 20160904 CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/04/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-19T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://forums.unrealircd.org/viewtopic.php?f=1\u0026t=8588"
},
{
"name": "92763",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92763"
},
{
"name": "[oss-security] 20160905 Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/05/8"
},
{
"name": "[oss-security] 20160904 CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/04/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766",
"refsource": "CONFIRM",
"url": "https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766"
},
{
"name": "https://forums.unrealircd.org/viewtopic.php?f=1\u0026t=8588",
"refsource": "CONFIRM",
"url": "https://forums.unrealircd.org/viewtopic.php?f=1\u0026t=8588"
},
{
"name": "92763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92763"
},
{
"name": "[oss-security] 20160905 Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/05/8"
},
{
"name": "[oss-security] 20160904 CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/04/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7144",
"datePublished": "2017-01-18T17:00:00",
"dateReserved": "2016-09-05T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4893 (GCVE-0-2009-4893)
Vulnerability from cvelistv5
Published
2010-06-15 01:00
Modified
2024-08-07 07:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.gentoo.org/glsa/glsa-201006-21.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2010/06/14/13 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/42077 | vdb-entry, x_refsource_BID | |
| http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201006-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"name": "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/13"
},
{
"name": "42077",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-28T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201006-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"name": "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/13"
},
{
"name": "42077",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-4893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201006-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"name": "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/13"
},
{
"name": "42077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42077"
},
{
"name": "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt",
"refsource": "CONFIRM",
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-4893",
"datePublished": "2010-06-15T01:00:00",
"dateReserved": "2010-06-14T00:00:00",
"dateUpdated": "2024-08-07T07:17:25.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7384 (GCVE-0-2013-7384)
Vulnerability from cvelistv5
Published
2014-05-19 14:00
Modified
2024-09-16 19:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2013/q4/379 | mailing-list, x_refsource_MLIST | |
| http://forums.unrealircd.com/viewtopic.php?f=2&t=8221 | x_refsource_CONFIRM | |
| http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt | x_refsource_CONFIRM | |
| http://seclists.org/oss-sec/2013/q4/383 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
},
{
"name": "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/383"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-19T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
},
{
"name": "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/383"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"name": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221",
"refsource": "CONFIRM",
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"name": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt",
"refsource": "CONFIRM",
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
},
{
"name": "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/383"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7384",
"datePublished": "2014-05-19T14:00:00Z",
"dateReserved": "2014-05-19T00:00:00Z",
"dateUpdated": "2024-09-16T19:51:20.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2075 (GCVE-0-2010-2075)
Vulnerability from cvelistv5
Published
2010-06-15 01:00
Modified
2024-08-07 02:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2010/1437 | vdb-entry, x_refsource_VUPEN | |
| http://security.gentoo.org/glsa/glsa-201006-21.xml | vendor-advisory, x_refsource_GENTOO | |
| http://osvdb.org/65445 | vdb-entry, x_refsource_OSVDB | |
| http://www.openwall.com/lists/oss-security/2010/06/14/11 | mailing-list, x_refsource_MLIST | |
| http://www.exploit-db.com/exploits/13853 | exploit, x_refsource_EXPLOIT-DB | |
| http://secunia.com/advisories/40169 | third-party-advisory, x_refsource_SECUNIA | |
| http://seclists.org/fulldisclosure/2010/Jun/277 | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/40820 | vdb-entry, x_refsource_BID | |
| http://seclists.org/fulldisclosure/2010/Jun/284 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:13.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt"
},
{
"name": "ADV-2010-1437",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1437"
},
{
"name": "GLSA-201006-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"name": "65445",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/65445"
},
{
"name": "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/11"
},
{
"name": "13853",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/13853"
},
{
"name": "40169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40169"
},
{
"name": "20100612 Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2010/Jun/277"
},
{
"name": "40820",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40820"
},
{
"name": "20100612 Re: Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2010/Jun/284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-18T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt"
},
{
"name": "ADV-2010-1437",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1437"
},
{
"name": "GLSA-201006-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"name": "65445",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/65445"
},
{
"name": "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/11"
},
{
"name": "13853",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/13853"
},
{
"name": "40169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40169"
},
{
"name": "20100612 Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2010/Jun/277"
},
{
"name": "40820",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40820"
},
{
"name": "20100612 Re: Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2010/Jun/284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt",
"refsource": "CONFIRM",
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt"
},
{
"name": "ADV-2010-1437",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1437"
},
{
"name": "GLSA-201006-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"name": "65445",
"refsource": "OSVDB",
"url": "http://osvdb.org/65445"
},
{
"name": "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/11"
},
{
"name": "13853",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13853"
},
{
"name": "40169",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40169"
},
{
"name": "20100612 Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Jun/277"
},
{
"name": "40820",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40820"
},
{
"name": "20100612 Re: Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Jun/284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2075",
"datePublished": "2010-06-15T01:00:00",
"dateReserved": "2010-05-25T00:00:00",
"dateUpdated": "2024-08-07T02:17:13.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-01-18 17:59
Modified
2025-04-20 01:37
Severity ?
Summary
The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| unrealircd | unrealircd | * | |
| unrealircd | unrealircd | 4.0.0 | |
| unrealircd | unrealircd | 4.0.1 | |
| unrealircd | unrealircd | 4.0.2 | |
| unrealircd | unrealircd | 4.0.3 | |
| unrealircd | unrealircd | 4.0.3.1 | |
| unrealircd | unrealircd | 4.0.4 | |
| unrealircd | unrealircd | 4.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E36F4B9A-FE00-4254-AE01-988C5E3563DC",
"versionEndIncluding": "3.2.10.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEEACFAE-0672-465C-B36A-2511CD8F7D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78ABEC11-ACFD-49CD-BA6A-041EAE20FCCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E776FF2-D9CC-468E-9505-8BAA042B070A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C4C6CA34-F564-4F19-AADB-D54595BA3BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:4.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A89C6801-3E03-426E-A034-1DBC06998F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C229E849-C99A-48C3-A00A-67A714904F1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CB89D241-E224-45B9-8B77-B5FA3C955099",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter."
},
{
"lang": "es",
"value": "La funci\u00f3n m_authenticate en modules/m_sasl.c en UnrealIRCd en versiones anteriores a 3.2.10.7 y 4.x en versiones anteriores a 4.0.6 permite a atacantes remotos suplantar huellas dactilares de certificados y consecuentemente iniciar sesi\u00f3n como otro usuario a trav\u00e9s de un par\u00e1metro AUTHENTICATE manipulado."
}
],
"id": "CVE-2016-7144",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-18T17:59:00.560",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/04/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/05/8"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92763"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.unrealircd.org/viewtopic.php?f=1\u0026t=8588"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/04/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/05/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.unrealircd.org/viewtopic.php?f=1\u0026t=8588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-19 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| unrealircd | unrealircd | 3.2.10 | |
| unrealircd | unrealircd | 3.2.10.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDFB2BC-E10C-4F8A-829E-F63F9146EF73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "09D6AD81-3B0C-4205-A91B-734E78B88457",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types."
},
{
"lang": "es",
"value": "UnrealIRCd 3.2.10 anterior a 3.2.10.2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (referencia en puntero nulo y ca\u00edda) a trav\u00e9s de vectores no especificados, relacionado con SSL. NOTA: este problema fue dividido (SPLIT) de CVE-2013-6413 por ADT2 debido a tipos diferentes de vulnerabilidad."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\n\n\"CWE-476: NULL Pointer Dereference\"",
"id": "CVE-2013-7384",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-19T14:55:10.047",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2013/q4/383"
},
{
"source": "cve@mitre.org",
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-16 23:15
Modified
2024-11-21 08:37
Severity ?
Summary
A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| unrealircd | unrealircd | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "574ACE08-97D7-4495-BF19-0F2EA0631ECA",
"versionEndExcluding": "6.1.4",
"versionStartIncluding": "6.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en websockets en UnrealIRCd 6.1.0 hasta 6.1.3 anterior a 6.1.4 permite que un atacante remoto no autenticado bloquee el servidor enviando un paquete de gran tama\u00f1o (si un puerto websocket est\u00e1 abierto). La ejecuci\u00f3n remota de c\u00f3digo podr\u00eda ser posible en algunas plataformas antiguas y poco comunes."
}
],
"id": "CVE-2023-50784",
"lastModified": "2024-11-21T08:37:18.633",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-16T23:15:40.770",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forums.unrealircd.org/viewtopic.php?t=9340"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.unrealircd.org/index/news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forums.unrealircd.org/viewtopic.php?t=9340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.unrealircd.org/index/news"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-23 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/100507 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bugs.unrealircd.org/view.php?id=4990 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100507 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.unrealircd.org/view.php?id=4990 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| unrealircd | unrealircd | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "820D68EC-4DF4-4050-8BB5-996690483267",
"versionEndIncluding": "4.0.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command."
},
{
"lang": "es",
"value": "UnrealIRCd 4.0.13 y anteriores crea un archivo PID tras eliminar privilegios a una cuenta no-root, lo que podr\u00eda permitir que usuarios locales terminen procesos arbitrarios aprovechando el acceso a esta cuenta no-root para modificar PID antes de que un script root ejecute un comando \"kill `cat /pathname`\". NOTA: El proveedor indica que no existe un escenario com\u00fan o recomendado en el que un script root ejecutar\u00eda este comando kill."
}
],
"id": "CVE-2017-13649",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-23T21:29:00.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100507"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.unrealircd.org/view.php?id=4990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.unrealircd.org/view.php?id=4990"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-19 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7384 was assigned for the NULL pointer dereference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| unrealircd | unrealircd | 3.2.10 | |
| unrealircd | unrealircd | 3.2.10.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDFB2BC-E10C-4F8A-829E-F63F9146EF73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "09D6AD81-3B0C-4205-A91B-734E78B88457",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7384 was assigned for the NULL pointer dereference."
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en UnrealIRCd 3.2.10 anterior a 3.2.10.2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de vectores no especificados. NOTA: este identificador fue dividido (SPLIT) por ADT2 debido a tipos diferentes de vulnerabilidad. CVE-2013-7384 fue asignado para la referencia en puntero nulo."
}
],
"id": "CVE-2013-6413",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-19T14:55:09.017",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/oss-sec/2013/q4/383"
},
{
"source": "secalert@redhat.com",
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-15 14:04
Modified
2025-04-11 00:51
Severity ?
Summary
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| unrealircd | unrealircd | 3.2.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "60C4474E-516D-4938-A148-42E16FE589DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands."
},
{
"lang": "es",
"value": "Versiones de UnrealIRCd v3.2.8.1, distribuidas en ciertos sitios espejo (mirrors) desde Noviembre de 2009 hasta Junio de 2010 contienen una modificaci\u00f3n introducida externamente (Caballo de Troya)en la macro DEBUG3_DOLOG_SYSTEM, que permite a atacantes remotos ejecutar comandos de su elecci\u00f3n."
}
],
"evaluatorComment": "Per: http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt\r\n\r\n\u0027Official precompiled Windows binaries (SSL and non-ssl) are NOT affected.\r\n\r\nCVS is also not affected.\r\n\r\n3.2.8 and any earlier versions are not affected.\r\n\r\nAny Unreal3.2.8.1.tar.gz downloaded BEFORE November 10 2009 should be safe, but you should really double-check, see next.\u0027",
"id": "CVE-2010-2075",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-06-15T14:04:26.327",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/65445"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/fulldisclosure/2010/Jun/277"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/fulldisclosure/2010/Jun/284"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40169"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.exploit-db.com/exploits/13853"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/11"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/40820"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/65445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2010/Jun/277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2010/Jun/284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/13853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/40820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1437"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-15 14:04
Modified
2025-04-11 00:51
Severity ?
Summary
Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| unrealircd | unrealircd | 3.2 | |
| unrealircd | unrealircd | 3.2.1 | |
| unrealircd | unrealircd | 3.2.1 | |
| unrealircd | unrealircd | 3.2.1 | |
| unrealircd | unrealircd | 3.2.2 | |
| unrealircd | unrealircd | 3.2.2 | |
| unrealircd | unrealircd | 3.2.3 | |
| unrealircd | unrealircd | 3.2.3 | |
| unrealircd | unrealircd | 3.2.3 | |
| unrealircd | unrealircd | 3.2.3 | |
| unrealircd | unrealircd | 3.2.3 | |
| unrealircd | unrealircd | 3.2.4 | |
| unrealircd | unrealircd | 3.2.4 | |
| unrealircd | unrealircd | 3.2.4 | |
| unrealircd | unrealircd | 3.2.4 | |
| unrealircd | unrealircd | 3.2.4 | |
| unrealircd | unrealircd | 3.2.4 | |
| unrealircd | unrealircd | 3.2.5 | |
| unrealircd | unrealircd | 3.2.5 | |
| unrealircd | unrealircd | 3.2.5 | |
| unrealircd | unrealircd | 3.2.5 | |
| unrealircd | unrealircd | 3.2.6 | |
| unrealircd | unrealircd | 3.2.6 | |
| unrealircd | unrealircd | 3.2.6 | |
| unrealircd | unrealircd | 3.2.6 | |
| unrealircd | unrealircd | 3.2.7 | |
| unrealircd | unrealircd | 3.2.7 | |
| unrealircd | unrealircd | 3.2.7 | |
| unrealircd | unrealircd | 3.2.8 | |
| unrealircd | unrealircd | 3.2.8 | |
| unrealircd | unrealircd | 3.2.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2:beta11:*:*:*:*:*:*",
"matchCriteriaId": "BA73C6B3-F7F1-4907-B396-4D208A44CF9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2185F2F0-1791-43A8-BDCF-6A0C88EC9747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.1:pre1:*:*:*:*:*:*",
"matchCriteriaId": "C7D99A6A-E9C6-4F24-9A42-8DDD90356940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.1:pre2:*:*:*:*:*:*",
"matchCriteriaId": "E08A61AB-D7B7-4CE8-90DD-955DAE660050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62F921EE-278D-4608-8F0E-97F6A8F08468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.2:pre1:*:*:*:*:*:*",
"matchCriteriaId": "DE98C6FE-5195-4A03-A6A7-0F3AA39A5132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "260E29F2-8EEE-4F50-A64B-57BF51193780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.3:pre1:*:*:*:*:*:*",
"matchCriteriaId": "8C8D661C-B09E-4615-9858-A0FFAA500C63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.3:pre2:*:*:*:*:*:*",
"matchCriteriaId": "B9279F94-5159-41B0-99DF-A389910E7C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.3:pre3:*:*:*:*:*:*",
"matchCriteriaId": "243E88AF-2178-42B3-A563-76C23EDD1278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.3:pre4:*:*:*:*:*:*",
"matchCriteriaId": "D7112386-BE35-45A8-813B-03D7D6495958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "06D9F64A-CBB8-4B49-BC09-F0B267C98EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.4:pre1:*:*:*:*:*:*",
"matchCriteriaId": "A7BDC698-18A0-4F1E-92B0-7E7D1D2F80AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.4:pre2:*:*:*:*:*:*",
"matchCriteriaId": "3E482F0F-E98E-4D2A-822F-08C372A7FC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2B6D6A15-60EA-4B27-87AA-197F014F6CD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "635EC169-C8C8-4C52-84BC-48765DC375A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2EEA8E08-215E-47CA-9074-A59098CB5EE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "744421B9-961E-423B-BB86-60F23D88F5B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6FAB49F5-D94B-47CF-B810-B7FBAD8ADFAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2EF31F4C-13A3-4585-A737-7F1E95A4F2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.5:rc3:*:*:*:*:*:*",
"matchCriteriaId": "8F908926-F2DF-4DA1-B67D-33D6ED0F3685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F8A053-9596-4D33-A27E-D94E67618938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9CD5E4B-0C96-4BEE-A590-1419565BB89D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "918C2949-60CC-4BD7-871E-A2C0909C4520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "ADB9644D-A12B-40C8-9673-83F0EE07898F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB21BA6-DC3D-47C7-8969-F3B4BB0EF964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "940628BB-42FA-48E8-BB60-C0483C4EE77D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E4258FC4-1D85-44BF-85DF-DFACE704D358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCCF5D1-EDA5-4793-BBDD-39D89248D97B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AD0B364F-FC24-4F3A-874A-8235AC99A3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unrealircd:unrealircd:3.2.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8B8C2218-D20D-402A-BA75-A2063FC80163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en UnrealIRCd 3.2beta11 a 3.2.8, cuando allow::options::noident est\u00e1 habilitado, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados."
}
],
"id": "CVE-2009-4893",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-06-15T14:04:26.233",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/13"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/42077"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/42077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}