CVE-2012-6084

EUVD-2012-5955
modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis before 3.4.2 does not properly support capability negotiation during server handshakes, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
ircd-ratboxircd-ratbox
1.0
ircd-ratboxircd-ratbox
1.1.1
ircd-ratboxircd-ratbox
1.1.2
ircd-ratboxircd-ratbox
1.2.1
ircd-ratboxircd-ratbox
1.2.2
ircd-ratboxircd-ratbox
1.2.3
ircd-ratboxircd-ratbox
1.3
ircd-ratboxircd-ratbox
1.3.1
ircd-ratboxircd-ratbox
1.3.2
ircd-ratboxircd-ratbox
1.4
ircd-ratboxircd-ratbox
1.4:rc1
ircd-ratboxircd-ratbox
1.4:rc2
ircd-ratboxircd-ratbox
1.5
ircd-ratboxircd-ratbox
1.5.1
ircd-ratboxircd-ratbox
1.5.2
ircd-ratboxircd-ratbox
1.5.3
ircd-ratboxircd-ratbox
2.0.1
ircd-ratboxircd-ratbox
2.0.2
ircd-ratboxircd-ratbox
2.0.3
ircd-ratboxircd-ratbox
2.0.4
ircd-ratboxircd-ratbox
2.0.5
ircd-ratboxircd-ratbox
2.0.6
ircd-ratboxircd-ratbox
2.0.7
ircd-ratboxircd-ratbox
2.0.8
ircd-ratboxircd-ratbox
2.0.9
ircd-ratboxircd-ratbox
2.0.10
ircd-ratboxircd-ratbox
2.0.11
ircd-ratboxircd-ratbox
2.1.0:beta1
ircd-ratboxircd-ratbox
2.1.0:beta2
ircd-ratboxircd-ratbox
2.1.1
ircd-ratboxircd-ratbox
2.1.2
ircd-ratboxircd-ratbox
2.1.3
ircd-ratboxircd-ratbox
2.1.4
ircd-ratboxircd-ratbox
2.1.5
ircd-ratboxircd-ratbox
2.1.6
ircd-ratboxircd-ratbox
2.1.7
ircd-ratboxircd-ratbox
2.1.8
ircd-ratboxircd-ratbox
2.2.0
ircd-ratboxircd-ratbox
2.2.0:rc1
ircd-ratboxircd-ratbox
2.2.0:rc2
ircd-ratboxircd-ratbox
2.2.0:rc3
ircd-ratboxircd-ratbox
2.2.1
ircd-ratboxircd-ratbox
2.2.2
ircd-ratboxircd-ratbox
2.2.3
ircd-ratboxircd-ratbox
2.2.4
ircd-ratboxircd-ratbox
2.2.5
ircd-ratboxircd-ratbox
2.2.6
ircd-ratboxircd-ratbox
2.2.7
ircd-ratboxircd-ratbox
2.2.7.1
ircd-ratboxircd-ratbox
2.2.8
ircd-ratboxircd-ratbox
2.2.9
ratboxircd-ratbox
𝑥
≤ 3.0.7
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
charybdis
artful
ignored
bionic
not-affected
cosmic
not-affected
hardy
dne
lucid
dne
oneiric
dne
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
trusty
not-affected
utopic
ignored
vivid
ignored
wily
ignored
xenial
not-affected
yakkety
ignored
zesty
ignored
ircd-ratbox
artful
dne
bionic
dne
cosmic
dne
hardy
ignored
lucid
ignored
oneiric
Fixed 3.0.6.dfsg-2squeeze1build0.11.10.1
released
precise
ignored
quantal
ignored
raring
not-affected
saucy
not-affected
trusty
dne
utopic
not-affected
vivid
not-affected
wily
not-affected
xenial
dne
yakkety
dne
zesty
dne
References
http://openwall.com/lists/oss-security/2013/01/01/4
http://rabbit.dereferenced.org/~nenolod/ASA-2012-12-31.txt
http://www.debian.org/security/2013/dsa-2612
http://www.ratbox.org/download/ircd-ratbox-3.0.8.tar.bz2
http://www.stack.nl/~jilles/irc/charybdis-3.4.2.tbz2
https://github.com/atheme/charybdis/commit/ac0707aa61d9c20e9b09062294701567c9f41595.patch
http://openwall.com/lists/oss-security/2013/01/01/4
http://rabbit.dereferenced.org/~nenolod/ASA-2012-12-31.txt
http://www.debian.org/security/2013/dsa-2612
http://www.ratbox.org/download/ircd-ratbox-3.0.8.tar.bz2
http://www.stack.nl/~jilles/irc/charybdis-3.4.2.tbz2
https://github.com/atheme/charybdis/commit/ac0707aa61d9c20e9b09062294701567c9f41595.patch