CVE-2013-5580 Information

Description

The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2 when the configuration option NoticeAuth is enabled does not properly handle the return code for the Handle_Write function which allows remote attackers to cause a denial of service (assertion failure and server crash) via unspecified vectors related to a \notice auth\ message not being sent to a new client.

Reference

http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git;a=commit;h=309122017ebc6fff039a7cab1b82f632853d82d5 http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000645.html http://freecode.com/projects/ngircd/releases/357245 http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115047.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115077.html http://osvdb.org/96590 http://secunia.com/advisories/54567