Open Projects Network IRCd DNS spoofing
| irc-openprojects-dns-spoofing (7283) |  Low Risk |
Description:
Open Projects Network IRCd (Internet Relay Chat) daemon could allow a remote attacker to spoof any hostname on the Internet. This vulnerability is caused by the lack of a proper double-reverse DNS (Domain Name System) lookup by Open Projects Networks IRCd.
Consequences:
Other
Remedy:
No remedy available as of February 6, 2010.
References:
- BugTraq Mailing List, Sun Oct 14 2001 - 08:28:17 CDT: Re: OpenProjects IRCD allows DNS spoofing.
- BugTraq Mailing List, Tue Oct 09 2001 - 13:45:19 CDT: OpenProjects IRCD allows DNS spoofing.
- Open Projects Network Web site: Open Projects Network.
- CVE-2001-1488: Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 does not perform a double-reverse DNS lookup, which allows remote attackers to spoof any valid hostname on the Internet. NOTE: a followup post suggests that this is not an issue in the daemon.
Platforms Affected:
- Open Projects Network Open Projects Network IRCd u2.10.05.18
Reported:
Oct 09, 2001
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net