Debian epic4 client long string denial of service
| debian-epic4-dos (4127) |  Medium Risk |
Description:
EPIC4 client, shipped with Debian Linux, are vulnerable to a denial of service attack. An attacker can crash the client and possibly cause arbitrary characters to be displayed on the terminal.
Consequences:
Denial of Service
Remedy:
For Debian GNU/Linux 2.1 (alias slink):
Upgrade to the latest version of epic4 (2.003-0slink2 or later), as listed in Debian Security Advisory 19990826. See References.
For Debian GNU/Linux pre2.2 (alias potato):
Upgrade to the latest version of epic4 (2.004-19990718-1 or later), as listed in Debian Security Advisory 19990826. See References.
References:
- BugTraq Mailing List, 1999-08-26 7:26:51: New versions of epic4 fixes possible DoS vulnerability.
- Debian Security Advisory 19990826: [SECURITY] New versions of epic4 fixes possible DoS vulnerability.
- EPIC Web site: Enhanced Programmable ircII Client.
- BID-605: IrcII "Epic" Denial of Service Vulnerability
- CVE-1999-0939: Denial of service in Debian IRC Epic/epic4 client via a long string.
Platforms Affected:
- Debian Debian Linux
Reported:
Aug 24, 1999
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net