EnergyMech "parse_notice" CTCP NOTICE denial of service
energymech-parse-ctcp-dos (27424)
Description:
EnergyMech is vulnerable to a denial of service attack, caused by an unspecified error in the parse_notice function. A remote attacker could exploit this vulnerability by sending multiple blank CTCP NOTICE messages over IRC, causing the affected application to crash.
Platforms Affected:
- EnergyMech prior to 3.0.2
- Gentoo Linux
Remedy:
Upgrade to the latest version of EnergyMech (3.0.2 or later), available from the EnergyMech Web site. See References.
For Gentoo Linux:
Refer to GLSA 200606-26 for patch, upgrade, or suggested workaround information. See References.
For other distributions:
Contact your vendor for patch or upgrade information.
Consequences:
Denial of Service
References:
- EnergyMech Web site, EnergyMech at http://www.energymech.net/.
- BID-18664: EnergyMech CTCP Notice Denial of Service Vulnerability
- CVE-2006-3293: parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote attackers to cause a denial of service (crash) via empty IRC CTCP NOTICE messages.
- GLSA-200606-26: EnergyMech: Denial of Service
- SA20805: EnergyMech "parse_notice" Denial of Service Vulnerability
- VUPEN/ADV-2006-2543: EnergyMech parse_notice CTCP NOTICE Message Remote Denial of Service Vulnerability
Reported:
Jun 26, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
