Debian Local Security Checks : Debian Security Advisory DSA 3226-1 (inspircd

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.703226

Kategorie: Debian Local Security Checks

Titel: Debian Security Advisory DSA 3226-1 (inspircd - security update)

Zusammenfassung: Adam discovered several problems in inspircd, an IRC daemon:;;An incomplete patch for CVE-2012-1836;;failed to adequately resolve the problem where maliciously crafted DNS;requests could lead to remote code execution through a heap-based buffer;overflow.;;The incorrect processing of specific DNS packets could trigger an;infinite loop, thus resulting in a denial of service.

Beschreibung: Summary:
Adam discovered several problems in inspircd, an IRC daemon:

An incomplete patch for CVE-2012-1836

failed to adequately resolve the problem where maliciously crafted DNS
requests could lead to remote code execution through a heap-based buffer
overflow.

The incorrect processing of specific DNS packets could trigger an
infinite loop, thus resulting in a denial of service.

Affected Software/OS:
inspircd on Debian Linux

Solution:
For the stable distribution (wheezy), this problem has been fixed in
version 2.0.5-1+deb7u1.

For the upcoming stable distribution (jessie) and unstable
distribution (sid), this problem has been fixed in version 2.0.16-1.

We recommend that you upgrade your inspircd packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-1836
BugTraq ID: 52561
http://www.securityfocus.com/bid/52561
CERT/CC vulnerability note: VU#212651
http://www.kb.cert.org/vuls/id/212651
Debian Security Information: DSA-2448 (Google Search)
http://www.debian.org/security/2012/dsa-2448
http://osvdb.org/80263
http://secunia.com/advisories/48474
XForce ISS Database: inspircd-dns-bo(74157)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74157
Common Vulnerability Exposure (CVE) ID: CVE-2012-6696
Debian Security Information: DSA-3226 (Google Search)
http://www.debian.org/security/2015/dsa-3226
http://www.openwall.com/lists/oss-security/2015/08/26/1
Common Vulnerability Exposure (CVE) ID: CVE-2012-6697
https://security.gentoo.org/glsa/201512-13
Common Vulnerability Exposure (CVE) ID: CVE-2015-6674

Copyright Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.703226
Kategorie:	Debian Local Security Checks
Titel:	Debian Security Advisory DSA 3226-1 (inspircd - security update)
Zusammenfassung:	Adam discovered several problems in inspircd, an IRC daemon:;;An incomplete patch for CVE-2012-1836;;failed to adequately resolve the problem where maliciously crafted DNS;requests could lead to remote code execution through a heap-based buffer;overflow.;;The incorrect processing of specific DNS packets could trigger an;infinite loop, thus resulting in a denial of service.
Beschreibung:	Summary: Adam discovered several problems in inspircd, an IRC daemon: An incomplete patch for CVE-2012-1836 failed to adequately resolve the problem where maliciously crafted DNS requests could lead to remote code execution through a heap-based buffer overflow. The incorrect processing of specific DNS packets could trigger an infinite loop, thus resulting in a denial of service. Affected Software/OS: inspircd on Debian Linux Solution: For the stable distribution (wheezy), this problem has been fixed in version 2.0.5-1+deb7u1. For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 2.0.16-1. We recommend that you upgrade your inspircd packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1836 BugTraq ID: 52561 http://www.securityfocus.com/bid/52561 CERT/CC vulnerability note: VU#212651 http://www.kb.cert.org/vuls/id/212651 Debian Security Information: DSA-2448 (Google Search) http://www.debian.org/security/2012/dsa-2448 http://osvdb.org/80263 http://secunia.com/advisories/48474 XForce ISS Database: inspircd-dns-bo(74157) https://exchange.xforce.ibmcloud.com/vulnerabilities/74157 Common Vulnerability Exposure (CVE) ID: CVE-2012-6696 Debian Security Information: DSA-3226 (Google Search) http://www.debian.org/security/2015/dsa-3226 http://www.openwall.com/lists/oss-security/2015/08/26/1 Common Vulnerability Exposure (CVE) ID: CVE-2012-6697 https://security.gentoo.org/glsa/201512-13 Common Vulnerability Exposure (CVE) ID: CVE-2015-6674
Copyright	Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net