ngIRCd < 0.8.3 Log_Resolver() Format String

This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.


Synopsis :

The remote chat server is affected by a format string vulnerability.

Description :

According to its banner, the version of the ngIRCd chat service
running on the remote host contains a format string vulnerability. If
it was compiled with IDENT, DEBUG is enabled, and it's logging to
SYSLOG, a remote attacker can leverage this issue to execute arbitrary
code on the remote host subject to the privileges under which the
service operates, which is 'root' by default.

See also :

http://marc.info/?l=bugtraq&m=110746413108183&w=2
http://ngircd.barton.de/doc/ChangeLog
http://arthur.barton.de/pipermail/ngircd-ml/2005-February/000234.html

Solution :

Upgrade to ngIRCd 0.8.3 or later.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.2
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 16310 ()

Bugtraq ID: 12434

CVE ID: CVE-2005-0226