{"vuid":"VU#212651","idnumber":"212651","name":"InspIRCd heap corruption vulnerability","keywords":["inspircd","heap corruption","buffer overflow","dns"],"overview":"InspIRCd 2.0.5 and possibly other versions contain a heap corruption vulnerability that may be exploited with a specifically crafted DNS query.","clean_desc":"InspIRCd contains a heap corruption vulnerability that exists in the dns.cpp code. The res[] buffer is allocated on the heap and can be overflowed. The res[] buffer can be exploited during its deallocation. The number of overflowed bytes can be controlled with DNS compression features.","impact":"A remote unauthenticated attacker may be able to execute arbitrary code with the permissions of the user running the InspIRCd service.","resolution":"Apply an Update\nInspIRCd 1.2.9 RC1, 2.0.6 RC1, and 2.1.0 B3 have addressed this vulnerability.","workarounds":"Configuration Change\nThe issue may be mitigated in some scenarios by changing your configuration file so <performance:nouserdns> is set to yes.","sysaffected":"","thanks":"Thanks to Tomasz Salacinski of CERT Polska for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["https://github.com/inspircd/inspircd","https://github.com/inspircd/inspircd/zipball/insp20","https://github.com/inspircd/inspircd/commit/fe7dbd2c104c37f6f3af7d9f1646a3c332aea4a4","http://www.irc-wiki.org/InspIRCd"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-02-03T20:09:55Z","publicdate":"2012-03-19T00:00:00Z","datefirstpublished":"2012-03-19T17:06:14Z","dateupdated":"2012-04-09T20:08:25Z","revision":26,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"6","cam_exploitation":"2","cam_internetinfrastructure":"8","cam_population":"11","cam_impact":"4","cam_easeofexploitation":"8","cam_attackeraccessrequired":"10","cam_scorecurrent":"1.056","cam_scorecurrentwidelyknown":"1.98","cam_scorecurrentwidelyknownexploited":"3.168","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.8","cvss_basevector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","cvss_temporalscore":"5.3","cvss_environmentalscore":"5.3","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":1.056,"vulnote":null}