| VID |
23131 |
| Severity |
30 |
| Port |
6667 |
| Protocol |
TCP |
| Class |
IRCD |
| Detailed Description |
A version of ignitionServer which is older than version 0.3.6-P1 is detected as running on the host. ignitionServer is an Internet Relay Chat (IRC) Server for Microsoft Windows platforms. ignitionServer versions prior to 0.3.6-P1 is vulnerable to two vulnerabilities residing in the m_access() function in 'codemodules/mod_channel.bas' and the m_join() function in 'mod_channel'. A remote attacker could exploit these flaws to delete access entries that have been added by various owners or to prevent an IRC operator from gaining access to the channel.
* Note: This check solely relied on the banner of the remote IRC server to assess this vulnerability, so this might be a false positive.
* References:
http://www.ignition-project.com/security/20050414-hosts-delete-own er-access-entries
http://www.ignition-project.com/security/20050515-protected-opers-cannot-join-channel-with-key
http://www.securitytracker.com/alerts/2005/May/1013987.html
* Platforms Affected:
ignitionServer versions prior to 0.3.6-P1
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of ignitionServer (0.3.6-P1 or later), available from the Ignition Project Download Web page at http://www.ignition-project.com/download |
| Related URL |
CVE-2005-1640,CVE-2005-1641 (CVE) |
| Related URL |
13654,13656 (SecurityFocus) |
| Related URL |
20676,20679 (ISS) |
|
