Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0285 to the following vulnerability: ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference. References: http://arthur.barton.de/cgi-bin/viewcvs.cgi/ngircd/ngircd/src/ngircd/irc-channel.c?r1=1.40&r2=1.41&diff_format=h http://bugs.gentoo.org/show_bug.cgi?id=204834 http://ngircd.barton.de/doc/ChangeLog
Not yet in Fedora. Here is the review request: bug #234926
FYI: This bug should be closed for good, the vulnerable version was never available in fedora AFAIK.
Agree, this can be closed. I haven't closed it before as it wasn't clear to me what's the ngircd's review request. It is closed now, but ngircd only seems to be shipped in EPEL5 and may appear in F10.
Reporter changed to security-response-team by request of Jay Turner.