Irssi Denial of Service and SSL Hostname Verification Security Bypass Vulnerabilities

2010.04.19
Credit: vendor
Risk: Medium
Local: No
Remote: Yes

Not sure if everyone has seen this yet: http://irssi.org/ "This release fixes two security issues: The first being that Irssi didn't check hostname on SSL connections and the other being a hard to exploit remote crash bug." Some further information can be found in the ChangeLog: http://irssi.org/news/ChangeLog

References:

http://www.vupen.com/english/advisories/2010/0856
http://xforce.iss.net/xforce/xfdb/57791
http://www.ubuntu.com/usn/USN-929-1
http://svn.irssi.org/cgi-bin/viewvc.cgi/irssi/trunk/src/core/nicklist.c?root=irssi&r1=4922&r2=5126
http://securitytracker.com/id?1023845
http://secunia.com/advisories/39365
http://marc.info/?l=oss-security&m=127119240204394&w=2
http://marc.info/?l=oss-security&m=127115784314970&w=2
http://marc.info/?l=oss-security&m=127111071631857&w=2
http://marc.info/?l=oss-security&m=127110132019166&w=2
http://marc.info/?l=oss-security&m=127098845125270&w=2
http://irssi.org/news/ChangeLog
http://irssi.org/news


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top