Universal Ircd: >> Ircu >> 2.10.12.01 Security Vulnerabilities
ircu 2.10.12.01 allows remote attackers to (1) cause a denial of service (flood wallops) by joining two channels with certain long names that differ in the final character, which triggers a protocol violation and (2) cause a denial of service (daemon crash) via a "J 0:#channel" message on a channel without an apass; and (3) allows remote authenticated operators to cause a denial of service (daemon crash) via a remote "names -D" command.
CVSS Score
7.8
EPSS Score
0.025
Published
2007-08-18
ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after a join from a server with an older timestamp (TS), which allows remote attackers to gain control of a channel during a split.
CVSS Score
7.5
EPSS Score
0.006
Published
2007-08-18
Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote attackers to set a new Apass during a netburst by arranging for ops privilege to be granted before the mode arrives.
CVSS Score
5.1
EPSS Score
0.007
Published
2007-08-18