Executive Summary

Summary
Title New znc packages fix denial of service
Informations
Name DSA-2069 First vendor Publication 2010-07-11
Vendor Debian Last vendor Modification 2010-07-11
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:N/I:N/A:P)
Cvss Base Score 3.5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 6.8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

It was discovered that znc, an IRC bouncer, is vulnerable to denial of service attacks via a NULL pointer dereference when traffic statistics are requested while there is an unauthenticated connection.

For the stable distribution (lenny), the problem has been fixed in version 0.058-2+lenny4.

For the testing distribution (squeeze) and the unstable distribution (sid), the problem has been fixed in version 0.090-2.

We recommend that you upgrade your znc packages.

Original Source

Url : http://www.debian.org/security/2010/dsa-2069

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11828
 
Oval ID: oval:org.mitre.oval:def:11828
Title: DSA-2069 znc -- denial of service
Description: It was discovered that znc, an IRC bouncer, is vulnerable to denial of service attacks via a NULL pointer dereference when traffic statistics are requested while there is an unauthenticated connection.
Family: unix Class: patch
Reference(s): DSA-2069
CVE-2010-2448
 Version: 5
Platform(s): Debian GNU/Linux 5.0
 Product(s): znc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13565
 
Oval ID: oval:org.mitre.oval:def:13565
Title: DSA-2069-1 znc -- denial of service
Description: It was discovered that znc, an IRC bouncer, is vulnerable to denial of service attacks via a NULL pointer dereference when traffic statistics are requested while there is an unauthenticated connection. For the stable distribution, the problem has been fixed in version 0.058-2+lenny4. For the testing distribution and the unstable distribution, the problem has been fixed in version 0.090-2. We recommend that you upgrade your znc packages.
Family: unix Class: patch
Reference(s): DSA-2069-1
CVE-2010-2448
 Version: 5
Platform(s): Debian GNU/Linux 5.0
 Product(s): znc
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 23

OpenVAS Exploits

Date Description
2010-06-21 Name : ZNC NULL Pointer Dereference Denial Of Service Vulnerability
File : nvt/gb_znc_40982.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
66236 Debian ZNC znc.cpp Traffic Statistics Processing NULL Dereference Remote DoS

Nessus® Vulnerability Scanner

Date Description
2010-07-13 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2069.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10042.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10078.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10082.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:29:30
  • Multiple Updates