Red Hat Bugzilla – Bug 929168
CVE-2013-1747 ngircd: DoS (assertion failure, crash) via a KICK command for a user who is not on the associated channel
Last modified: 2015-07-31 03:02:58 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-1747 to the following vulnerability:
channel.c in ngIRCd 20 and 20.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a KICK command for a user who is not on the associated channel.
This issue affects the versions of the ngircd package as shipped with Fedora 18 and Fedora EPEL-6. Please schedule an update.
Created ngircd tracking bugs for this issue
Affects: fedora-18 [bug 929170]
Affects: epel-6 [bug 929171]
Based on upstream ngIRCd 20.2 notification:
this issue is reported to affect only ngIRCd versions of "ngIRCd 20 and 20.1 (Please note that all releases before 20 are NOT affected by the bug mentioned
therefore I didn't create a child bug for Fedora-17 and EPEL-5. But if you are of the opinion that upstream patch:
after backport should be applied against Fedora-17 and EPEL-5 versions too, and would need child bugs for those versions, let me know and I will create them.
Thank you, Jan.
ngircd-20.2-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
ngircd-20.2-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
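The failure mode named in the CVE description, as an added example that is not ngIRCd's code and not part of this bug report: an assertion on state that a remote KICK command can influence, beside a check that treats the same condition as a protocol error. The channel model and all function names are hypothetical; 441 is the ERR_USERNOTINCHANNEL numeric from RFC 2812, and the member names are constructed sample data.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ERR_USERNOTINCHANNEL 441 /* IRC numeric reply, RFC 2812 */

/* Hypothetical, simplified channel: a small array of member nicknames. */
struct channel { const char *members[8]; size_t count; };

/* Return the member's index, or -1 when the nick is not on the channel. */
static int find_member(const struct channel *ch, const char *nick)
{
    for (size_t i = 0; i < ch->count; i++)
        if (strcmp(ch->members[i], nick) == 0)
            return (int)i;
    return -1;
}

/* Anti-pattern: membership is treated as an invariant, yet the nick comes
 * from a remote KICK command. A non-member target aborts the whole daemon. */
int kick_asserting(struct channel *ch, const char *target)
{
    int idx = find_member(ch, target);
    assert(idx >= 0);
    ch->members[idx] = ch->members[--ch->count]; /* swap-remove */
    return 0;
}

/* Hardened: a non-member target is an expected protocol error, reported
 * to the sender as a numeric reply while the server keeps running. */
int kick_checked(struct channel *ch, const char *target)
{
    int idx = find_member(ch, target);
    if (idx < 0)
        return ERR_USERNOTINCHANNEL;
    ch->members[idx] = ch->members[--ch->count]; /* swap-remove */
    return 0;
}

int main(void)
{
    struct channel ch = { { "alice", "bob" }, 2 }; /* constructed sample */
    printf("kick bob     -> %d\n", kick_checked(&ch, "bob"));
    printf("kick mallory -> %d\n", kick_checked(&ch, "mallory"));
    return 0;
}
```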