Launchpad.net

CVE 2009-4016

Integer underflow in the clean_string function in irc_string.c in (1) IRCD-hybrid 7.2.2 and 7.2.3, (2) ircd-ratbox before 2.2.9, and (3) oftc-hybrid before 1.6.8, when flatten_links is disabled, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a LINKS command.

Related bugs and status

CVE-2009-4016 (Candidate) is related to these bugs:

Bug #518226: DSA-1980-1 fix not in lucid, or karmic

		In	Importance	Status
518226	DSA-1980-1 fix not in lucid, or karmic	ircd-hybrid (Ubuntu)	Medium	Fix Released
518226	DSA-1980-1 fix not in lucid, or karmic	ircd-hybrid (Ubuntu Karmic)	Medium	Fix Released
518226	DSA-1980-1 fix not in lucid, or karmic	ircd-hybrid (Ubuntu Lucid)	Medium	Fix Released
518226	DSA-1980-1 fix not in lucid, or karmic	ircd-hybrid (Ubuntu Jaunty)	Medium	Fix Released

Bug #595180: Please merge ircd-hybrid 1:7.2.2.dfsg.2-6.1 (universe) from debian unstable (main)

Summary				In	Importance	Status
	595180	Please merge ircd-hybrid 1:7.2.2.dfsg.2-6.1 (universe) from debian unstable (main)		ircd-hybrid (Ubuntu)	Wishlist	Won't Fix

See the

CVE page on Mitre.org for more details.

References

MLIST: [ircd-ratbox] 20100125...
CONFIRM: http://security.debian...
CONFIRM: http://trac.oftc.net/p...
DEBIAN: DSA-1980
BID: 37978
SECUNIA: 38210
SECUNIA: 38381
SECUNIA: 38382
SECUNIA: 38383
CONFIRM: http://svn.ircd-hybrid...