CVE-2006-0458
CVSS 5.0
Published: 2006-03-06 18:02:00
Last revised: 2008-09-05 16:59:19

[Original] The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 in Ubuntu Linux, and possibly other distributions, allows remote attackers to cause a denial of service (application crash) via certain crafted arguments in a DCC command.


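[CNNVD] Ubuntu Linux IRSSI DCC ACCEPT denial-of-service vulnerability (CNNVD-200603-079)

        The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 on Ubuntu Linux (and possibly other versions) allows remote attackers to cause a denial of service (application crash) via certain bogus arguments in a DCC command.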

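- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]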

- CPE (affected platforms and products)

cpe:/a:irssi:irssi:0.8.10rc5
cpe:/a:irssi:irssi:0.8.9

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0458
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0458
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200603-079
(official data source) CNNVD

- Other links and resources

http://secunia.com/advisories/19090
(VENDOR_ADVISORY)  SECUNIA  19090
http://www.ubuntulinux.org/support/documentation/usn/usn-259-1
(VENDOR_ADVISORY)  UBUNTU  USN-259-1
http://www.securityfocus.com/bid/16913
(UNKNOWN)  BID  16913
http://xforce.iss.net/xforce/xfdb/25147
(UNKNOWN)  XF  irssi-dcc-accept-dos(25147)

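- Vulnerability information

Ubuntu Linux IRSSI DCC ACCEPT denial-of-service vulnerability
Medium risk  Other
2006-03-06 00:00:00 2006-03-07 00:00:00
Remote
        The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 on Ubuntu Linux (and possibly other versions) allows remote attackers to cause a denial of service (application crash) via certain bogus arguments in a DCC command.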

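- Advisories and patches

        The vendor has not yet provided a patch or upgrade for this vulnerability. Users of this software are advised to watch the vendor's home page for the latest version.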

- Vulnerability information (F44328)

Ubuntu Security Notice 259-1 (PacketStormID:F44328)
2006-03-03 00:00:00
Ubuntu  security.ubuntu.com
advisory,remote,denial of service
linux,ubuntu
CVE-2006-0458

Ubuntu Security Notice USN-259-1 - A Denial of Service vulnerability was discovered in irssi. The DCC ACCEPT command handler did not sufficiently verify the remotely specified arguments. A remote attacker could exploit this to crash irssi by sending specially crafted DCC commands.

===========================================================
Ubuntu Security Notice USN-259-1	     March 01, 2006
irssi-text vulnerability
CVE-2006-0458
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

irssi-text

The problem can be corrected by upgrading the affected package to
version 0.8.9+0.8.10rc5-0ubuntu4.1.  After a standard system upgrade
you need to restart irssi to effect the necessary changes.

Details follow:

A Denial of Service vulnerability was discovered in irssi. The DCC
ACCEPT command handler did not sufficiently verify the remotely
specified arguments. A remote attacker could exploit this to crash
irssi by sending specially crafted DCC commands.


  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5-0ubuntu4.1.diff.gz
      Size/MD5:    12568 50ec4fee5eaf55ba7a312373bbaca462
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5-0ubuntu4.1.dsc
      Size/MD5:      739 23ccac99b2a8f82d47cb1cc5f9a51ac8
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5.orig.tar.gz
      Size/MD5:  1192158 7c0b6c1533c85e918f41ded1238e4ca1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5-0ubuntu4.1_amd64.deb
      Size/MD5:   955832 134ebeda2593d742a808a79b78a9f488

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5-0ubuntu4.1_i386.deb
      Size/MD5:   851690 854b0e9e9ff3a73160a71d1b5445d850

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/i/irssi-text/irssi-text_0.8.9+0.8.10rc5-0ubuntu4.1_powerpc.deb
      Size/MD5:   937644 73f7b5547d9905e95006889dbc92082b
    

- Vulnerability information

23598
irssi Crafted DCC ACCEPT Message Remote DoS
Remote / Network Access Denial of Service
Loss of Availability

- Vulnerability description

- Timeline

2006-03-01 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete
 

 
