IRCD RatBox Pending Connections Denial Of Service Vulnerability
BID:24044
Info
| Bugtraq ID: | 24044 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2007-2786 |
| Remote: | Yes |
| Local: | No |
| Published: | May 18 2007 12:00AM |
| Updated: | May 07 2015 05:39PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: | OpenPKG OpenPKG E1.0-Solid; OpenPKG OpenPKG Current; ircd-ratbox ircd-ratbox 2.2.5; ircd-ratbox ircd-ratbox 2.0 rc7; ircd-ratbox ircd-ratbox 2.0 rc6; ircd-ratbox ircd-ratbox 1.5.2; ircd-ratbox ircd-ratbox 1.5.1 |
| Not Vulnerable: | ircd-ratbox ircd-ratbox 2.2.6 |
Discussion
The 'ircd-ratbox' program is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to deny service to legitimate users.
Versions of ircd-ratbox prior to 2.2.6 are vulnerable.
Exploit / POC
An attacker can exploit this issue using readily available packet-crafting utilities.
Solution / Fix
Solution:
The vendor has released version 2.2.6 to address this issue. Please see the references for more information.

OpenPKG OpenPKG E1.0-Solid
- OpenPKG ratbox-2.2.3-E1.0.1.src.rpm
  ftp://ftp.openpkg.org/release/E1.0/SRC/BASE/ratbox-2.2.3-E1.0.1.src.rpm

OpenPKG OpenPKG Current
- OpenPKG ratbox-2.2.6-20070515.src.rpm
  ftp://ftp.openpkg.org/current/SRC/BASE/ratbox-2.2.6-20070515.src.rpm

ircd-ratbox ircd-ratbox 1.5.1
- ircd-ratbox ircd-ratbox-2.2.6.tgz
  http://www.ircd-ratbox.org/download/ircd-ratbox-2.2.6.tgz

ircd-ratbox ircd-ratbox 1.5.2
- ircd-ratbox ircd-ratbox-2.2.6.tgz
  http://www.ircd-ratbox.org/download/ircd-ratbox-2.2.6.tgz

ircd-ratbox ircd-ratbox 2.0 rc7
- ircd-ratbox ircd-ratbox-2.2.6.tgz
  http://www.ircd-ratbox.org/download/ircd-ratbox-2.2.6.tgz

ircd-ratbox ircd-ratbox 2.0 rc6
- ircd-ratbox ircd-ratbox-2.2.6.tgz
  http://www.ircd-ratbox.org/download/ircd-ratbox-2.2.6.tgz

ircd-ratbox ircd-ratbox 2.2.5
- ircd-ratbox ircd-ratbox-2.2.6.tgz
  http://www.ircd-ratbox.org/download/ircd-ratbox-2.2.6.tgz
References
References:
- ircd-ratbox Home Page (ircd-ratbox)
- OpenPKG Security Advisory (ratbox) (OpenPKG)