Debian Long Term Support / LTS Security Information / 2016 / Security Information -- DLA-384-1 inspircd

Debian Security Advisory

DLA-384-1 inspircd -- LTS security update

Date Reported:

13 Jan 2016

Affected Packages:

inspircd

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 668253.
In Mitre's CVE dictionary: CVE-2015-8702.

More information:

It was discovered that InspIRCd did not validate the names in DNS responses before using them in inter-server communication. A remote attacker controlling the reverse DNS server for an IRC client could use this for denial of service or possibly for privilege escalation on the IRC network.

InspIRCd appears to have been completely unusable since version 1.1.22+dfsg-4+squeeze1 due to a bug in its build system triggered by (e)glibc versions newer than 2.9. This has also been fixed.