GLSA-201006-21 : UnrealIRCd: Multiple vulnerabilities
High Nessus Plugin ID 47016
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201006-21 (UnrealIRCd: Multiple vulnerabilities)
Multiple vulnerabilities have been reported in UnrealIRCd:
The vendor reported a buffer overflow in the user authorization code (CVE-2009-4893).
The vendor reported that the distributed source code of UnrealIRCd was compromised and altered to include a system() call that could be called with arbitrary user input (CVE-2010-2075).
A remote attacker could exploit these vulnerabilities to cause the execution of arbitrary commands with the privileges of the user running UnrealIRCd, or a Denial of Service condition. NOTE: By default UnrealIRCd on Gentoo is run with the privileges of the 'unrealircd' user.
There is no known workaround at this time.
SolutionAll UnrealIRCd users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-irc/unrealircd-18.104.22.168-r1'