FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

atheme-services -- multiple vulnerabilities

Affected packages
atheme-services < 7.2.7

Details

VuXML ID e47ab5db-c333-11e6-ae1b-002590263bf5
Discovery 2016-01-09
Entry 2016-12-16

Mitre reports:

modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.

[source]

Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.

[source]

References

CVE Name CVE-2014-9773
CVE Name CVE-2016-4478
FreeBSD PR ports/209217
URL https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e
URL https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.