Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date: Sat, 6 Jun 2009 13:49:13 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security <oss-security@...ts.openwall.com>
cc: coley@...re.org
Subject: Re: CVE Request (irssi)


======================================================
Name: CVE-2009-1959
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1959
Reference: MLIST:[oss-security] 20090529 CVE Request (irssi)
Reference: URL:http://www.openwall.com/lists/oss-security/2009/05/29/3
Reference: MISC:http://xorl.wordpress.com/2009/05/28/irssi-event_wallops-off-by-one-readwrite/
Reference: CONFIRM:http://bugs.irssi.org/index.php?do=details&task_id=662
Reference: CONFIRM:http://www.irssi.org/ChangeLog

Off-by-one error in the event_wallops function in
fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to
cause a denial of service (crash) via an empty command, which triggers
a one-byte buffer under-read and a one-byte buffer underflow.

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux