No account yet?
Home » Exploits » WeeChat IRC Message Remote Denial Of Service Vulnerability
WeeChat IRC Message Remote Denial Of Service Vulnerability E-mail
Feeds - Exploits
Written by Mahammad Mohsen   
Sunday, 05 April 2009 22:42
WeeChat IRC Message Remote Denial Of Service Vulnerability


-\\Bugtraq ID:
34148

-\\Class:
Design Error

-\\CVE:
CVE-2009-0661


-\\Remote:
Yes

-\\Local:
No

-\\Published:
Mar 17 2009 12:00AM

-\\Updated:
Apr 04 2009 06:16PM

-\\Credit:
Reported by the vendor



-\\Vulnerable:
RedHat Fedora 9  0
Gentoo Linux  
FlashTux WeeChat 0.2.6 0
Debian Linux  5.0 sparc
Debian Linux  5.0 s/390
Debian Linux  5.0 powerpc
Debian Linux  5.0 mipsel
Debian Linux  5.0 mips
Debian Linux  5.0 m68k
Debian Linux  5.0 ia-64
Debian Linux  5.0 ia-32
Debian Linux  5.0 hppa
Debian Linux  5.0 armel
Debian Linux  5.0 arm
Debian Linux  5.0 amd64
Debian Linux  5.0 alpha
Debian Linux  5.0



-\\Not Vulnerable:
FlashTux WeeChat  0.2.6.1



-\\Discussion
WeeChat is prone to a remote denial-of-service vulnerability.

An attacker may exploit this issue crash the application, resulting in a denial-of-service condition.

Versions prior to WeeChat  0.2.6.1 are vulnerable.



-\\Exploit(s)/PoC(s):
An attacker can use readily available network utilities to exploit this issue.



-\\Solution
The vendor released an update to address this issue. Please see the references for more information.


Debian Linux  5.0 hppa
--Debian  weechat-common_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.deb
--Debian  weechat-curses_0.2.6-1+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_hppa.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_hppa.deb
--Debian  weechat-plugins_0.2.6-1+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_hppa.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_hppa.deb
--Debian  weechat_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.deb

Debian Linux  5.0 ia-64
--Debian  weechat-common_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.deb
--Debian  weechat-curses_0.2.6-1+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_ia64.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_ia64.deb
--Debian  weechat-plugins_0.2.6-1+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_ia64.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_ia64.deb
--Debian  weechat_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.deb

Debian Linux  5.0 m68k
--Debian  weechat-common_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.deb
--Debian  weechat_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.deb

Debian Linux  5.0 arm
--Debian  weechat-common_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.deb
--Debian  weechat-curses_0.2.6-1+lenny1_arm.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_arm.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_arm.deb
--Debian  weechat-plugins_0.2.6-1+lenny1_arm.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_arm.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_arm.deb
--Debian  weechat_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.deb

Debian Linux  5.0 armel
--Debian  weechat-common_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.deb
--Debian  weechat-curses_0.2.6-1+lenny1_armel.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_armel.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_armel.deb
--Debian  weechat-plugins_0.2.6-1+lenny1_armel.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_armel.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_armel.deb
--Debian  weechat_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.deb

Debian Linux  5.0
--Debian  weechat-common_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.deb
--Debian  weechat_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.deb

Debian Linux  5.0 amd64
--Debian  weechat-common_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.deb
--Debian  weechat-curses_0.2.6-1+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_amd64.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_amd64.deb
--Debian  weechat-plugins_0.2.6-1+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_amd64.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_amd64.deb
--Debian  weechat_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.deb

Debian Linux  5.0 alpha
--Debian  weechat-common_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.deb
--Debian  weechat_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.deb

Debian Linux  5.0 ia-32
--Debian  weechat-common_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.deb
--Debian  weechat-curses_0.2.6-1+lenny1_i386.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_i386.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_i386.deb
--Debian  weechat-plugins_0.2.6-1+lenny1_i386.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_i386.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_i386.deb
--Debian  weechat_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.deb

Debian Linux  5.0 mips
--Debian  weechat-common_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.deb
--Debian  weechat-curses_0.2.6-1+lenny1_mips.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_mips.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_mips.deb
--Debian  weechat-plugins_0.2.6-1+lenny1_mips.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_mips.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_mips.deb
--Debian  weechat_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.deb

Debian Linux  5.0 s/390
--Debian  weechat-common_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.deb
--Debian  weechat-curses_0.2.6-1+lenny1_s390.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_s390.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_s390.deb
--Debian  weechat-plugins_0.2.6-1+lenny1_s390.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_s390.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_s390.deb
--Debian  weechat_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.deb

Debian Linux  5.0 mipsel
--Debian  weechat-common_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.deb
--Debian  weechat-curses_0.2.6-1+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_mipsel.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_mipsel.deb
--Debian  weechat-plugins_0.2.6-1+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_mipsel.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_mipsel.deb
--Debian  weechat_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.deb

Debian Linux  5.0 powerpc
--Debian  weechat-common_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.deb
--Debian  weechat-curses_0.2.6-1+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_powerpc.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_powerpc.deb
--Debian  weechat-plugins_0.2.6-1+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_powerpc.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_powerpc.deb
--Debian  weechat_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.deb

Debian Linux  5.0 sparc
--Debian  weechat-common_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.deb
--Debian  weechat-curses_0.2.6-1+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_sparc.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_sparc.deb
--Debian  weechat-plugins_0.2.6-1+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_sparc.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_sparc.deb
--Debian  weechat_0.2.6-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.dehttp://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.deb



-\\Reference(s)
--Vendor Homepage
http://www.flashtux.org/index.ph  (Flashtux)
--WeeChat 0.2.6.1 Released
http://weechat.flashtux.org  (WeeChat)
--weechat-curses: DoS (crash) with some IRC messages from other users
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=51994  (Sebastien Helleu < This e-mail address is being protected from spambots. You need JavaScript enabled to view it >)
 

Security Services by HSC

Contact us

Become partner
Advertise with us
Join our staff