CVE-2005-1640

Properties

Published:
16.05.2005
Updated:
20.10.2005
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Approximated
Product:
The Ignition Project: ignitionServer
The Ignition Project: ignitionServer
The Ignition Project: ignitionServer
The Ignition Project: ignitionServer
The Ignition Project: ignitionServer
The Ignition Project: ignitionServer
The Ignition Project: ignitionServer

Vulnerability description

mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not properly verify whether a host has the owner privileges required to delete IRC channel access entries, which allows remote attackers to bypass intended restrictions.

References:

CONFIRM: http://www.ignition-project.com/security/20050414-hosts-delete-owner-access-entries
SECUNIA: http://secunia.com/advisories/15388