cpe:2.3:a:universal_ircd:ircu:2.10.12.04:*:*:*:*:*:*:*
ircu 2.10.12.05 and earlier allows remote attackers to discover the hidden IP address of arbitrary +x users via a series of /silence commands with (1) CIDR mask arguments or (2) certain other arguments that represent groups of IP addresses, then monitoring CTCP ping replies.
Max CVSS
4.3
EPSS Score
0.41%
Published
2007-08-18
Updated
2018-10-15
ircu 2.10.12.05 and earlier does not properly synchronize a kick action in certain cross scenarios, which allows remote authenticated operators to prevent later kick or de-op actions from non-local ops.
Max CVSS
6.0
EPSS Score
0.55%
Published
2007-08-18
Updated
2018-10-15
Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote attackers to set a new Apass during a netburst by arranging for ops privilege to be granted before the mode arrives.
Max CVSS
5.1
EPSS Score
1.35%
Published
2007-08-18
Updated
2018-10-15
ircu 2.10.12.05 and earlier ignores timestamps in bounces, which allows remote attackers to take over a channel during a netjoin by causing a bounce while a server with an older version of the channel is linking.
Max CVSS
5.0
EPSS Score
0.86%
Published
2007-08-18
Updated
2018-10-15
ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops privilege on an unused channel (zannel), which allows remote attackers to (1) set or remove certain channel modes via a "netriding" attack or (2) take over a channel by joining an unlinked server with the A/Upass and then setting a new Apass.
Max CVSS
6.4
EPSS Score
0.86%
Published
2007-08-18
Updated
2018-10-15
ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after a join from a server with an older timestamp (TS), which allows remote attackers to gain control of a channel during a split.
Max CVSS
7.5
EPSS Score
0.76%
Published
2007-08-18
Updated
2018-10-15
ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by creating a large number of unused channels (zannels).
Max CVSS
7.8
EPSS Score
1.55%
Published
2007-08-18
Updated
2018-10-15
7 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!