Summary
The remote host is missing an update to hybserv
announced via advisory DSA 1982-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201982-1
Insight
Julien Cristau discovered that hybserv, a daemon running IRC services for IRCD-Hybrid, is prone to a denial of service attack via the commands option.
For the stable distribution (lenny), this problem has been fixed in version 1.9.2-4+lenny2.
Due to a bug in the archive system, it is not possible to release the fix for the oldstable distribution (etch) simultaneously. Therefore, etch will be fixed in version 1.9.2-4+etch1 as soon as it becomes available.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in version 1.9.2-4.1.
We recommend that you upgrade your hybserv packages.
Severity
Classification
-
CVE CVE-2010-0303 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities