CVE Vulnerabilities

CVE-2007-4407

Published: Aug 18, 2007 | Modified: Oct 15, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops privilege on an unused channel (zannel), which allows remote attackers to (1) set or remove certain channel modes via a netriding attack or (2) take over a channel by joining an unlinked server with the A/Upass and then setting a new Apass.

Affected Software

Name Vendor Start Version End Version
Ircu Universal_ircd 2.10.12.03 (including) 2.10.12.03 (including)
Ircu Universal_ircd 2.10.12.04 (including) 2.10.12.04 (including)
Ircd-ircu Ubuntu upstream *

References