Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities by unrealircd
CVE-2023-50784 (GCVE-0-2023-50784)
Vulnerability from cvelistv5 – Published: 2023-12-16 00:00 – Updated: 2025-11-04 18:20
VLAI
Summary
A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:20:38.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unrealircd.org/index/news"
},
{
"tags": [
"x_transferred"
],
"url": "https://forums.unrealircd.org/viewtopic.php?t=9340"
},
{
"name": "FEDORA-2023-41f41fbb69",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/"
},
{
"name": "FEDORA-2023-7c6c696102",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-26T03:06:13.346Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.unrealircd.org/index/news"
},
{
"url": "https://forums.unrealircd.org/viewtopic.php?t=9340"
},
{
"name": "FEDORA-2023-41f41fbb69",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/"
},
{
"name": "FEDORA-2023-7c6c696102",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/"
}
],
"source": {
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50784",
"datePublished": "2023-12-16T00:00:00.000Z",
"dateReserved": "2023-12-14T00:00:00.000Z",
"dateUpdated": "2025-11-04T18:20:38.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-13649 (GCVE-0-2017-13649)
Vulnerability from cvelistv5 – Published: 2017-08-23 21:00 – Updated: 2024-08-05 19:05
VLAI
Summary
UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugs.unrealircd.org/view.php?id=4990 | x_refsource_MISC |
| http://www.securityfocus.com/bid/100507 | vdb-entryx_refsource_BID |
Date Public
2017-08-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:18.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.unrealircd.org/view.php?id=4990"
},
{
"name": "100507",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100507"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-29T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.unrealircd.org/view.php?id=4990"
},
{
"name": "100507",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100507"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.unrealircd.org/view.php?id=4990",
"refsource": "MISC",
"url": "https://bugs.unrealircd.org/view.php?id=4990"
},
{
"name": "100507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100507"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13649",
"datePublished": "2017-08-23T21:00:00.000Z",
"dateReserved": "2017-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:05:18.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7144 (GCVE-0-2016-7144)
Vulnerability from cvelistv5 – Published: 2017-01-18 17:00 – Updated: 2024-08-06 01:50
VLAI
Summary
The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/unrealircd/unrealircd/commit/f… | x_refsource_CONFIRM |
| https://forums.unrealircd.org/viewtopic.php?f=1&t=8588 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/92763 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2016/09/05/8 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2016/09/04/3 | mailing-listx_refsource_MLIST |
Date Public
2016-09-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://forums.unrealircd.org/viewtopic.php?f=1\u0026t=8588"
},
{
"name": "92763",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92763"
},
{
"name": "[oss-security] 20160905 Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/05/8"
},
{
"name": "[oss-security] 20160904 CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/04/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-19T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://forums.unrealircd.org/viewtopic.php?f=1\u0026t=8588"
},
{
"name": "92763",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92763"
},
{
"name": "[oss-security] 20160905 Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/05/8"
},
{
"name": "[oss-security] 20160904 CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/04/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766",
"refsource": "CONFIRM",
"url": "https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766"
},
{
"name": "https://forums.unrealircd.org/viewtopic.php?f=1\u0026t=8588",
"refsource": "CONFIRM",
"url": "https://forums.unrealircd.org/viewtopic.php?f=1\u0026t=8588"
},
{
"name": "92763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92763"
},
{
"name": "[oss-security] 20160905 Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/05/8"
},
{
"name": "[oss-security] 20160904 CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/04/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7144",
"datePublished": "2017-01-18T17:00:00.000Z",
"dateReserved": "2016-09-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:50:47.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6413 (GCVE-0-2013-6413)
Vulnerability from cvelistv5 – Published: 2014-05-19 14:00 – Updated: 2024-08-06 17:39
VLAI
Summary
Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7384 was assigned for the NULL pointer dereference.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2013/q4/379 | mailing-listx_refsource_MLIST |
| http://forums.unrealircd.com/viewtopic.php?f=2&t=8221 | x_refsource_CONFIRM |
| http://www.unrealircd.com/txt/unreal3_2_10_2_rele… | x_refsource_CONFIRM |
| http://seclists.org/oss-sec/2013/q4/383 | mailing-listx_refsource_MLIST |
Date Public
2013-11-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
},
{
"name": "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/383"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7384 was assigned for the NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-19T13:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
},
{
"name": "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/383"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7384 was assigned for the NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"name": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221",
"refsource": "CONFIRM",
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"name": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt",
"refsource": "CONFIRM",
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
},
{
"name": "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/383"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-6413",
"datePublished": "2014-05-19T14:00:00.000Z",
"dateReserved": "2013-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:39:01.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7384 (GCVE-0-2013-7384)
Vulnerability from cvelistv5 – Published: 2014-05-19 14:00 – Updated: 2024-09-16 19:51
VLAI
Summary
UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2013/q4/379 | mailing-listx_refsource_MLIST |
| http://forums.unrealircd.com/viewtopic.php?f=2&t=8221 | x_refsource_CONFIRM |
| http://www.unrealircd.com/txt/unreal3_2_10_2_rele… | x_refsource_CONFIRM |
| http://seclists.org/oss-sec/2013/q4/383 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
},
{
"name": "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/383"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-19T14:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
},
{
"name": "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/383"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"name": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221",
"refsource": "CONFIRM",
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"name": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt",
"refsource": "CONFIRM",
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
},
{
"name": "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/383"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7384",
"datePublished": "2014-05-19T14:00:00.000Z",
"dateReserved": "2014-05-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:51:20.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2075 (GCVE-0-2010-2075)
Vulnerability from cvelistv5 – Published: 2010-06-15 01:00 – Updated: 2024-08-07 02:17
VLAI
Summary
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.unrealircd.com/txt/unrealsecadvisory.2… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2010/1437 | vdb-entryx_refsource_VUPEN |
| http://security.gentoo.org/glsa/glsa-201006-21.xml | vendor-advisoryx_refsource_GENTOO |
| http://osvdb.org/65445 | vdb-entryx_refsource_OSVDB |
| http://www.openwall.com/lists/oss-security/2010/0… | mailing-listx_refsource_MLIST |
| http://www.exploit-db.com/exploits/13853 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/40169 | third-party-advisoryx_refsource_SECUNIA |
| http://seclists.org/fulldisclosure/2010/Jun/277 | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/bid/40820 | vdb-entryx_refsource_BID |
| http://seclists.org/fulldisclosure/2010/Jun/284 | mailing-listx_refsource_FULLDISC |
Date Public
2010-06-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:13.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt"
},
{
"name": "ADV-2010-1437",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1437"
},
{
"name": "GLSA-201006-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"name": "65445",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/65445"
},
{
"name": "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/11"
},
{
"name": "13853",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/13853"
},
{
"name": "40169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40169"
},
{
"name": "20100612 Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2010/Jun/277"
},
{
"name": "40820",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40820"
},
{
"name": "20100612 Re: Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2010/Jun/284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-18T09:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt"
},
{
"name": "ADV-2010-1437",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1437"
},
{
"name": "GLSA-201006-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"name": "65445",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/65445"
},
{
"name": "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/11"
},
{
"name": "13853",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/13853"
},
{
"name": "40169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40169"
},
{
"name": "20100612 Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2010/Jun/277"
},
{
"name": "40820",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40820"
},
{
"name": "20100612 Re: Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2010/Jun/284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt",
"refsource": "CONFIRM",
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt"
},
{
"name": "ADV-2010-1437",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1437"
},
{
"name": "GLSA-201006-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"name": "65445",
"refsource": "OSVDB",
"url": "http://osvdb.org/65445"
},
{
"name": "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/11"
},
{
"name": "13853",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13853"
},
{
"name": "40169",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40169"
},
{
"name": "20100612 Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Jun/277"
},
{
"name": "40820",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40820"
},
{
"name": "20100612 Re: Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Jun/284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2075",
"datePublished": "2010-06-15T01:00:00.000Z",
"dateReserved": "2010-05-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:13.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4893 (GCVE-0-2009-4893)
Vulnerability from cvelistv5 – Published: 2010-06-15 01:00 – Updated: 2024-08-07 07:17
VLAI
Summary
Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://security.gentoo.org/glsa/glsa-201006-21.xml | vendor-advisoryx_refsource_GENTOO |
| http://www.openwall.com/lists/oss-security/2010/0… | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/42077 | vdb-entryx_refsource_BID |
| http://www.unrealircd.com/txt/unrealsecadvisory.2… | x_refsource_CONFIRM |
Date Public
2009-04-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201006-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"name": "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/13"
},
{
"name": "42077",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-28T09:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201006-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"name": "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/13"
},
{
"name": "42077",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-4893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201006-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"name": "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/13"
},
{
"name": "42077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42077"
},
{
"name": "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt",
"refsource": "CONFIRM",
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-4893",
"datePublished": "2010-06-15T01:00:00.000Z",
"dateReserved": "2010-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:17:25.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50784 (GCVE-0-2023-50784)
Vulnerability from nvd – Published: 2023-12-16 00:00 – Updated: 2025-11-04 18:20
VLAI
Summary
A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:20:38.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unrealircd.org/index/news"
},
{
"tags": [
"x_transferred"
],
"url": "https://forums.unrealircd.org/viewtopic.php?t=9340"
},
{
"name": "FEDORA-2023-41f41fbb69",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/"
},
{
"name": "FEDORA-2023-7c6c696102",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-26T03:06:13.346Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.unrealircd.org/index/news"
},
{
"url": "https://forums.unrealircd.org/viewtopic.php?t=9340"
},
{
"name": "FEDORA-2023-41f41fbb69",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/"
},
{
"name": "FEDORA-2023-7c6c696102",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/"
}
],
"source": {
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50784",
"datePublished": "2023-12-16T00:00:00.000Z",
"dateReserved": "2023-12-14T00:00:00.000Z",
"dateUpdated": "2025-11-04T18:20:38.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-13649 (GCVE-0-2017-13649)
Vulnerability from nvd – Published: 2017-08-23 21:00 – Updated: 2024-08-05 19:05
VLAI
Summary
UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugs.unrealircd.org/view.php?id=4990 | x_refsource_MISC |
| http://www.securityfocus.com/bid/100507 | vdb-entryx_refsource_BID |
Date Public
2017-08-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:18.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.unrealircd.org/view.php?id=4990"
},
{
"name": "100507",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100507"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-29T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.unrealircd.org/view.php?id=4990"
},
{
"name": "100507",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100507"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.unrealircd.org/view.php?id=4990",
"refsource": "MISC",
"url": "https://bugs.unrealircd.org/view.php?id=4990"
},
{
"name": "100507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100507"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13649",
"datePublished": "2017-08-23T21:00:00.000Z",
"dateReserved": "2017-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:05:18.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7144 (GCVE-0-2016-7144)
Vulnerability from nvd – Published: 2017-01-18 17:00 – Updated: 2024-08-06 01:50
VLAI
Summary
The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/unrealircd/unrealircd/commit/f… | x_refsource_CONFIRM |
| https://forums.unrealircd.org/viewtopic.php?f=1&t=8588 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/92763 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2016/09/05/8 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2016/09/04/3 | mailing-listx_refsource_MLIST |
Date Public
2016-09-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://forums.unrealircd.org/viewtopic.php?f=1\u0026t=8588"
},
{
"name": "92763",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92763"
},
{
"name": "[oss-security] 20160905 Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/05/8"
},
{
"name": "[oss-security] 20160904 CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/04/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-19T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://forums.unrealircd.org/viewtopic.php?f=1\u0026t=8588"
},
{
"name": "92763",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92763"
},
{
"name": "[oss-security] 20160905 Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/05/8"
},
{
"name": "[oss-security] 20160904 CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/04/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766",
"refsource": "CONFIRM",
"url": "https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766"
},
{
"name": "https://forums.unrealircd.org/viewtopic.php?f=1\u0026t=8588",
"refsource": "CONFIRM",
"url": "https://forums.unrealircd.org/viewtopic.php?f=1\u0026t=8588"
},
{
"name": "92763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92763"
},
{
"name": "[oss-security] 20160905 Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/05/8"
},
{
"name": "[oss-security] 20160904 CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/04/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7144",
"datePublished": "2017-01-18T17:00:00.000Z",
"dateReserved": "2016-09-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:50:47.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7384 (GCVE-0-2013-7384)
Vulnerability from nvd – Published: 2014-05-19 14:00 – Updated: 2024-09-16 19:51
VLAI
Summary
UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2013/q4/379 | mailing-listx_refsource_MLIST |
| http://forums.unrealircd.com/viewtopic.php?f=2&t=8221 | x_refsource_CONFIRM |
| http://www.unrealircd.com/txt/unreal3_2_10_2_rele… | x_refsource_CONFIRM |
| http://seclists.org/oss-sec/2013/q4/383 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
},
{
"name": "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/383"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-19T14:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
},
{
"name": "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/383"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"name": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221",
"refsource": "CONFIRM",
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"name": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt",
"refsource": "CONFIRM",
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
},
{
"name": "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/383"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7384",
"datePublished": "2014-05-19T14:00:00.000Z",
"dateReserved": "2014-05-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:51:20.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6413 (GCVE-0-2013-6413)
Vulnerability from nvd – Published: 2014-05-19 14:00 – Updated: 2024-08-06 17:39
VLAI
Summary
Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7384 was assigned for the NULL pointer dereference.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2013/q4/379 | mailing-listx_refsource_MLIST |
| http://forums.unrealircd.com/viewtopic.php?f=2&t=8221 | x_refsource_CONFIRM |
| http://www.unrealircd.com/txt/unreal3_2_10_2_rele… | x_refsource_CONFIRM |
| http://seclists.org/oss-sec/2013/q4/383 | mailing-listx_refsource_MLIST |
Date Public
2013-11-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
},
{
"name": "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/383"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7384 was assigned for the NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-19T13:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
},
{
"name": "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/383"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7384 was assigned for the NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"name": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221",
"refsource": "CONFIRM",
"url": "http://forums.unrealircd.com/viewtopic.php?f=2\u0026t=8221"
},
{
"name": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt",
"refsource": "CONFIRM",
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
},
{
"name": "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/383"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-6413",
"datePublished": "2014-05-19T14:00:00.000Z",
"dateReserved": "2013-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:39:01.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2075 (GCVE-0-2010-2075)
Vulnerability from nvd – Published: 2010-06-15 01:00 – Updated: 2024-08-07 02:17
VLAI
Summary
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.unrealircd.com/txt/unrealsecadvisory.2… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2010/1437 | vdb-entryx_refsource_VUPEN |
| http://security.gentoo.org/glsa/glsa-201006-21.xml | vendor-advisoryx_refsource_GENTOO |
| http://osvdb.org/65445 | vdb-entryx_refsource_OSVDB |
| http://www.openwall.com/lists/oss-security/2010/0… | mailing-listx_refsource_MLIST |
| http://www.exploit-db.com/exploits/13853 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/40169 | third-party-advisoryx_refsource_SECUNIA |
| http://seclists.org/fulldisclosure/2010/Jun/277 | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/bid/40820 | vdb-entryx_refsource_BID |
| http://seclists.org/fulldisclosure/2010/Jun/284 | mailing-listx_refsource_FULLDISC |
Date Public
2010-06-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:13.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt"
},
{
"name": "ADV-2010-1437",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1437"
},
{
"name": "GLSA-201006-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"name": "65445",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/65445"
},
{
"name": "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/11"
},
{
"name": "13853",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/13853"
},
{
"name": "40169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40169"
},
{
"name": "20100612 Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2010/Jun/277"
},
{
"name": "40820",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40820"
},
{
"name": "20100612 Re: Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2010/Jun/284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-18T09:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt"
},
{
"name": "ADV-2010-1437",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1437"
},
{
"name": "GLSA-201006-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"name": "65445",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/65445"
},
{
"name": "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/11"
},
{
"name": "13853",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/13853"
},
{
"name": "40169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40169"
},
{
"name": "20100612 Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2010/Jun/277"
},
{
"name": "40820",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40820"
},
{
"name": "20100612 Re: Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2010/Jun/284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt",
"refsource": "CONFIRM",
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt"
},
{
"name": "ADV-2010-1437",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1437"
},
{
"name": "GLSA-201006-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"name": "65445",
"refsource": "OSVDB",
"url": "http://osvdb.org/65445"
},
{
"name": "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/11"
},
{
"name": "13853",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13853"
},
{
"name": "40169",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40169"
},
{
"name": "20100612 Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Jun/277"
},
{
"name": "40820",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40820"
},
{
"name": "20100612 Re: Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Jun/284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2075",
"datePublished": "2010-06-15T01:00:00.000Z",
"dateReserved": "2010-05-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:13.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4893 (GCVE-0-2009-4893)
Vulnerability from nvd – Published: 2010-06-15 01:00 – Updated: 2024-08-07 07:17
VLAI
Summary
Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://security.gentoo.org/glsa/glsa-201006-21.xml | vendor-advisoryx_refsource_GENTOO |
| http://www.openwall.com/lists/oss-security/2010/0… | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/42077 | vdb-entryx_refsource_BID |
| http://www.unrealircd.com/txt/unrealsecadvisory.2… | x_refsource_CONFIRM |
Date Public
2009-04-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201006-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"name": "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/13"
},
{
"name": "42077",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-28T09:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201006-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"name": "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/13"
},
{
"name": "42077",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-4893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201006-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"name": "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/13"
},
{
"name": "42077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42077"
},
{
"name": "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt",
"refsource": "CONFIRM",
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-4893",
"datePublished": "2010-06-15T01:00:00.000Z",
"dateReserved": "2010-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:17:25.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}