InspIRCd up to 2.0.6 on Debian Incomplete Fix input validation

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in InspIRCd up to 2.0.6 on Debian. It has been declared as critical. This vulnerability affects an unknown functionality of the component Incomplete Fix. Upgrading to version 2.0.7 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Field09/26/2017 08:58 AM11/19/2019 10:55 AM01/14/2021 11:52 AM
nessus_id828398283982839
nessus_nameDebian DSA-3226-1 : inspircd - security updateDebian DSA-3226-1 : inspircd - security updateDebian DSA-3226-1 : inspircd - security update
nessus_filenamedebian_DSA-3226.nasldebian_DSA-3226.nasldebian_DSA-3226.nasl
nessus_riskHighHighHigh
nessus_familyDebian Local Security ChecksDebian Local Security ChecksDebian Local Security Checks
nessus_typelocallocallocal
nessus_date1429228800 (04/17/2015)1429228800 (04/17/2015)1429228800 (04/17/2015)
openvas_id703226703226703226
openvas_filenamedeb_3226.nasldeb_3226.nasldeb_3226.nasl
openvas_titleDebian Security Advisory DSA 3226-1 (inspircd - security update)Debian Security Advisory DSA 3226-1 (inspircd - security update)Debian Security Advisory DSA 3226-1 (inspircd - security update)
openvas_familyDebian Local Security ChecksDebian Local Security ChecksDebian Local Security Checks
seealso99772 9978399772 9978399772 99783
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlOOO
cvss3_vuldb_rcXXX
0day_days262626
cvss3_nvd_basescore9.89.89.8
nameInspIRCdInspIRCdInspIRCd
version<=2.0.6<=2.0.6<=2.0.6
platformDebianDebianDebian
componentIncomplete FixIncomplete FixIncomplete Fix
cwe20 (privilege escalation)20 (privilege escalation)20 (privilege escalation)
risk222
cvss2_vuldb_basescore7.57.57.5
cvss2_vuldb_tempscore6.56.56.5
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_nvd_avNNN
cvss2_nvd_acLLL
cvss2_nvd_auNNN
cvss2_nvd_ciPPP
cvss2_nvd_iiPPP
cvss2_nvd_aiPPP
cvss3_meta_basescore8.58.58.5
cvss3_meta_tempscore8.28.28.2
cvss3_vuldb_basescore7.37.37.3
cvss3_vuldb_tempscore7.07.07.0
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_nvd_avNNN
cvss3_nvd_acLLL
cvss3_nvd_prNNN
cvss3_nvd_uiNNN
cvss3_nvd_sUUU
cvss3_nvd_cHHH
cvss3_nvd_iHHH
cvss3_nvd_aHHH
date1506297600 (09/25/2017)1506297600 (09/25/2017)1506297600 (09/25/2017)
locationoss-secoss-secoss-sec
urlhttp://www.openwall.com/lists/oss-security/2015/08/26/1http://www.openwall.com/lists/oss-security/2015/08/26/1http://www.openwall.com/lists/oss-security/2015/08/26/1
confirm_urlhttps://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89
price_0day$0-$5k$0-$5k$0-$5k
nameUpgradeUpgradeUpgrade
upgrade_version2.0.72.0.72.0.7
cveCVE-2012-6696CVE-2012-6696CVE-2012-6696
cve_assigned144046080014404608001440460800
cve_nvd_published150629760015062976001506297600
cve_nvd_summaryinspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836.inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836.inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836.
securityfocus5256152561
discoverydate14268096001426809600
date1429056000 (04/15/2015)1429056000 (04/15/2015)
person_nameTomasz Salacinski
securityfocus_date1332111600 (03/19/2012)
securityfocus_classBoundary Condition Error
cvss2_nvd_basescore7.5

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!