TITLE: Ubuntu irssi DCC ACCEPT Parameter Handling Denial of Service SECUNIA ADVISORY ID: SA19090 VERIFY ADVISORY: http://secunia.com/advisories/19090/ CRITICAL: Less critical IMPACT: DoS WHERE: >From remote OPERATING SYSTEM: Ubuntu Linux 5.10 http://secunia.com/product/6606/ DESCRIPTION: Scott Sinclair has reported a vulnerability in irssi, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "dcc_ctcp_resume_parse()" function in "dcc-resume.c". This can be exploited to crash a vulnerable client by sending a specially crafted DCC ACCEPT message with too few parameters. SOLUTION: Apply updated packages. -- Ubuntu 5.10 (Breezy Badger) -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5-0ubuntu4.1.diff.gz Size/MD5: 12568 50ec4fee5eaf55ba7a312373bbaca462 http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5-0ubuntu4.1.dsc Size/MD5: 739 23ccac99b2a8f82d47cb1cc5f9a51ac8 http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5.orig.tar.gz Size/MD5: 1192158 7c0b6c1533c85e918f41ded1238e4ca1 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5-0ubuntu4.1_amd64.deb Size/MD5: 955832 134ebeda2593d742a808a79b78a9f488 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5-0ubuntu4.1_i386.deb Size/MD5: 851690 854b0e9e9ff3a73160a71d1b5445d850 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5-0ubuntu4.1_powerpc.deb Size/MD5: 937644 73f7b5547d9905e95006889dbc92082b PROVIDED AND/OR DISCOVERED BY: Reported by Scott Sinclair. ORIGINAL ADVISORY: http://www.ubuntu.com/usn/usn-259-1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------