Security Information / 2012 / Security Information -- DSA-2448-1 inspircd

Debian Security Advisory

DSA-2448-1 inspircd -- buffer overflow

Date Reported:

10 Apr 2012

Affected Packages:

inspircd

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 667914.
In Mitre's CVE dictionary: CVE-2012-1836.

More information:

It was discovered that a heap-based buffer overflow in InspIRCd could allow remote attackers to execute arbitrary code via a crafted DNS query.

For the stable distribution (squeeze), this problem has been fixed in version 1.1.22+dfsg-4+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 1.1.22+dfsg-4+wheezy1.

For the unstable distribution (sid), this problem has been fixed in version 2.0.5-0.1.

We recommend that you upgrade your inspircd packages.