Debian Security Advisory
DLA-384-1 inspircd -- LTS security update
- Date Reported:
- 13 Jan 2016
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 668253.
In Mitre's CVE dictionary: CVE-2015-8702.
- More information:
It was discovered that InspIRCd did not validate the names in DNS responses before using them in inter-server communication. A remote attacker controlling the reverse DNS server for an IRC client could use this for denial of service or possibly for privilege escalation on the IRC network.
InspIRCd appears to have been completely unusable since version 1.1.22+dfsg-4+squeeze1 due to a bug in its build system triggered by (e)glibc versions newer than 2.9. This has also been fixed.