irssi long topic denial of service
| irssi-long-topic-dos (9395) |  Medium Risk |
Description:
irssi is vulnerable to a denial of service attack. A remote attacker can create a channel with an overly long topic to cause the irssi client to crash once it tries to join the channel. In addition, a remote attacker can also change the channel topic to an overly long topic after joining the channel to crash the irssi client.
Consequences:
Denial of Service
Remedy:
Upgrade to the latest version of irssi (0.8.5 or later), available from the irssi Web site. See References.
For Debian GNU/Linux 3.0:
Upgrade to the latest irssi-text package (0.8.4-3.1 or later), as listed in DSA 157-1. See References.
For FreeBSD Ports Collection:
Upgrade to the latest ports collection, as listed in FreeBSD Security Notice FreeBSD-SN-02:05. See References.
References:
- BugTraq Mailing List, Tue Jun 18 2002 - 23:07:58 CDT: DoS on irssi 0.8.4.
- FreeBSD Security Notice FreeBSD-SN-02:05 : security issues in ports.
- irssi Web site: Download.
- BID-5055: IRSSI Long Malformed Topic Denial Of Service Vulnerability
- CVE-2002-0983: IRC client irssi in irssi-text before 0.8.4 allows remote attackers to cause a denial of service (crash) via an IRC channel that has a long topic followed by a certain string, possibly triggering a buffer overflow.
- DSA-157: irssi-text -- denial of service
Platforms Affected:
- Debian Debian Linux 3.0
- FreeBSD FreeBSD Ports Collection
- irssi irssi 0.8.4
Reported:
Jun 19, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net