Secunia Security Advisory - Scott Sinclair has reported a vulnerability in irssi, which can be exploited by malicious people to cause a DoS (Denial of Service).
98d706539bfa04481097451fff3fedaf9634306c6be032ec09bfe9fba84dbc25
TITLE:
Ubuntu irssi DCC ACCEPT Parameter Handling Denial of Service
SECUNIA ADVISORY ID:
SA19090
VERIFY ADVISORY:
http://secunia.com/advisories/19090/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
Ubuntu Linux 5.10
http://secunia.com/product/6606/
DESCRIPTION:
Scott Sinclair has reported a vulnerability in irssi, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the
"dcc_ctcp_resume_parse()" function in "dcc-resume.c". This can be
exploited to crash a vulnerable client by sending a specially crafted
DCC ACCEPT message with too few parameters.
SOLUTION:
Apply updated packages.
-- Ubuntu 5.10 (Breezy Badger) --
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5-0ubuntu4.1.diff.gz
Size/MD5: 12568 50ec4fee5eaf55ba7a312373bbaca462
http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5-0ubuntu4.1.dsc
Size/MD5: 739 23ccac99b2a8f82d47cb1cc5f9a51ac8
http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5.orig.tar.gz
Size/MD5: 1192158 7c0b6c1533c85e918f41ded1238e4ca1
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5-0ubuntu4.1_amd64.deb
Size/MD5: 955832 134ebeda2593d742a808a79b78a9f488
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5-0ubuntu4.1_i386.deb
Size/MD5: 851690 854b0e9e9ff3a73160a71d1b5445d850
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5-0ubuntu4.1_powerpc.deb
Size/MD5: 937644 73f7b5547d9905e95006889dbc92082b
PROVIDED AND/OR DISCOVERED BY:
Reported by Scott Sinclair.
ORIGINAL ADVISORY:
http://www.ubuntu.com/usn/usn-259-1
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------