The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOTD command from another server in the same IRC network, possibly related to an array index error.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ngircd | Ngircd | 13 (including) | 13 (including) |
| Ngircd | Ngircd | 14 (including) | 14 (including) |
| Ngircd | Ubuntu | artful | * |
| Ngircd | Ubuntu | dapper | * |
| Ngircd | Ubuntu | hardy | * |
| Ngircd | Ubuntu | intrepid | * |
| Ngircd | Ubuntu | jaunty | * |
| Ngircd | Ubuntu | karmic | * |
| Ngircd | Ubuntu | lucid | * |
| Ngircd | Ubuntu | maverick | * |
| Ngircd | Ubuntu | natty | * |
| Ngircd | Ubuntu | oneiric | * |
| Ngircd | Ubuntu | precise | * |
| Ngircd | Ubuntu | quantal | * |
| Ngircd | Ubuntu | raring | * |
| Ngircd | Ubuntu | saucy | * |
| Ngircd | Ubuntu | upstream | * |
| Ngircd | Ubuntu | utopic | * |
| Ngircd | Ubuntu | vivid | * |
| Ngircd | Ubuntu | wily | * |
| Ngircd | Ubuntu | yakkety | * |
| Ngircd | Ubuntu | zesty | * |