|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200606-26] EnergyMech: Denial of Service Vulnerability Scan
Vulnerability Scan Summary EnergyMech: Denial of Service
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200606-26
(EnergyMech: Denial of Service)
A bug in EnergyMech fails to handle empty CTCP NOTICEs correctly, and
will cause a crash from a segmentation fault.
Impact
By sending an empty CTCP NOTICE, a remote attacker could exploit this
vulnerability to cause a Denial of Service.
Workaround
There is no known workaround at this time.
References:
http://www.energymech.net/versions-3.0.html
Solution:
All EnergyMech users should update to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/emech-3.0.2"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|