Charybdis IRCd m_capab.c Denial of Service

medium Nessus Plugin ID 65196

Synopsis

The remote chat server is affected by a denial of service vulnerability.

Description

The remote host is running a version of Charybdis IRCd that is affected by a denial of service (DoS) vulnerability. An issue exists in the 'CAPAB' module in 'm_capab.c' that causes servers to improperly handle negotiation handshakes.

An unauthenticated, remote attacker could exploit this issue with a specially crafted request, impacting the availability of the service.

Solution

Upgrade to Charybdis 3.4.2 or later.

See Also

http://rabbit.dereferenced.org/~nenolod/ASA-2012-12-31.txt

Plugin Details

Severity: Medium

ID: 65196

File Name: ircd_charybdis_capab_dos.nasl

Version: 1.5

Type: remote

Family: Misc.

Published: 3/11/2013

Updated: 11/27/2019

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:ratbox:ircd-ratbox

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/31/2012

Vulnerability Publication Date: 12/31/2012

Reference Information

CVE: CVE-2012-6084

BID: 57085