CVE-2009-4016 — MEDIUM (6.8)

Q: How severe is CVE-2009-4016?

CVE-2009-4016 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-4016?

Check the references section above for vendor advisories and patch information. Affected products include: Ircd-Hybrid Ircd-Hybrid, Ircd-Ratbox Ircd-Ratbox, Oftc Oftc-Hybrid.

Vulnerability Description

Integer underflow in the clean_string function in irc_string.c in (1) IRCD-hybrid 7.2.2 and 7.2.3, (2) ircd-ratbox before 2.2.9, and (3) oftc-hybrid before 1.6.8, when flatten_links is disabled, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a LINKS command.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Ircd-Hybrid	Ircd-Hybrid	7.2.2
Ircd-Ratbox	Ircd-Ratbox	<= 2.2.8
Oftc	Oftc-Hybrid	<= 1.6.7

Related Weaknesses (CWE)

CWE-189

References

http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html
http://secunia.com/advisories/38210Vendor Advisory
http://secunia.com/advisories/38381Vendor Advisory
http://secunia.com/advisories/38382Vendor Advisory
http://secunia.com/advisories/38383Vendor Advisory
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsPatch
http://svn.ircd-hybrid.org:8000/viewcvs.cgi?rev=1044&view=rev
http://trac.oftc.net/projects/oftc-hybrid/browser/tags/oftc-hybrid-1.6.8/RELNOTE
http://www.debian.org/security/2010/dsa-1980Patch
http://www.securityfocus.com/bid/37978
http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html
http://secunia.com/advisories/38210Vendor Advisory
http://secunia.com/advisories/38381Vendor Advisory
http://secunia.com/advisories/38382Vendor Advisory
http://secunia.com/advisories/38383Vendor Advisory

FAQ

What is CVE-2009-4016?

CVE-2009-4016 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Integer underflow in the clean_string function in irc_string.c in (1) IRCD-hybrid 7.2.2 and 7.2.3, (2) ircd-ratbox before 2.2.9, and (3) oftc-hybrid before 1.6.8, when flatten_links is disabled, allow...

How severe is CVE-2009-4016?

CVE-2009-4016 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-4016?

Check the references section above for vendor advisories and patch information. Affected products include: Ircd-Hybrid Ircd-Hybrid, Ircd-Ratbox Ircd-Ratbox, Oftc Oftc-Hybrid.