Irssi Denial of Service and SSL Hostname Verification Security Bypass Vulnerabilities

2010.04.19

Credit: vendor

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2010-1155 | CVE-2010-1156

CWE: CWE-20
CWE-Other

Not sure if everyone has seen this yet:
http://irssi.org/
"This release fixes two security issues: The first being that Irssi
didn't check hostname on SSL connections and the other being a hard to
exploit remote crash bug."
Some further information can be found in the ChangeLog:
http://irssi.org/news/ChangeLog

Referencje:

http://www.vupen.com/english/advisories/2010/0856

http://xforce.iss.net/xforce/xfdb/57791

http://www.ubuntu.com/usn/USN-929-1

http://svn.irssi.org/cgi-bin/viewvc.cgi/irssi/trunk/src/core/nicklist.c?root=irssi&r1=4922&r2=5126

http://securitytracker.com/id?1023845

http://secunia.com/advisories/39365

http://marc.info/?l=oss-security&m=127119240204394&w=2

http://marc.info/?l=oss-security&m=127115784314970&w=2

http://marc.info/?l=oss-security&m=127111071631857&w=2

http://marc.info/?l=oss-security&m=127110132019166&w=2

http://marc.info/?l=oss-security&m=127098845125270&w=2

http://irssi.org/news/ChangeLog

http://irssi.org/news

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Irssi Denial of Service and SSL Hostname Verification Security Bypass Vulnerabilities

Referencje:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.