Executive Summary
| Summary | |
|---|---|
| Title | New hybserv packages fix denial of service |
| Informations | |||
|---|---|---|---|
| Name | DSA-1982 | First vendor Publication | 2010-01-29 |
| Vendor | Debian | Last vendor Modification | 2010-01-29 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Julien Cristau discovered that hybserv, a daemon running IRC services for IRCD-Hybrid, is prone to a denial of service attack via the commands option. For the stable distribution (lenny), this problem has been fixed in version 1.9.2-4+lenny2. Due to a bug in the archive system, it is not possible to release the fix for the oldstable distribution (etch) simultaneously. Therefore, etch will be fixed in version 1.9.2-4+etch1 as soon as it becomes available. For the testing distribution (squeeze), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 1.9.2-4.1. We recommend that you upgrade your hybserv packages. |
Original Source
| Url : http://www.debian.org/security/2010/dsa-1982 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:13041 | |||
| Oval ID: | oval:org.mitre.oval:def:13041 | ||
| Title: | DSA-1982-1 hybserv -- denial of service | ||
| Description: | Julien Cristau discovered that hybserv, a daemon running IRC services for IRCD-Hybrid, is prone to a denial of service attack via the commands option. For the stable distribution, this problem has been fixed in version 1.9.2-4+lenny2. Due to a bug in the archive system, it is not possible to release the fix for the oldstable distribution simultaneously. Therefore, etch will be fixed in version 1.9.2-4+etch1 as soon as it becomes available. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1.9.2-4.1. We recommend that you upgrade your hybserv packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1982-1 CVE-2010-0303 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | hybserv |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7259 | |||
| Oval ID: | oval:org.mitre.oval:def:7259 | ||
| Title: | DSA-1982 hybserv -- denial of service | ||
| Description: | Julien Cristau discovered that hybserv, a daemon running IRC services for IRCD-Hybrid, is prone to a denial of service attack via the commands option. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1982 CVE-2010-0303 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | hybserv |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-02-10 | Name : Debian Security Advisory DSA 1982-1 (hybserv) File : nvt/deb_1982_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 61988 | Hybrid2 IRC Services MemoServ Service Private Message Remote DoS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1982.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:29:11 |
|
