CVE-2007-3246

Name of the Vulnerable Software and Affected Versions: IRC Services versions prior to 5.0.60

Description: The issue concerns the preservation of channel founder privileges across a channel password change. This allows remote authenticated users to obtain the new password through automated e-mail or perform privileged actions without knowing the new password. The do set password function in modules/chanserv/set.c is specifically implicated.

Recommendations: For versions prior to 5.0.60, update to version 5.0.60 or later to resolve the issue. As a temporary workaround, consider disabling the do set password function until a patch is available. Restrict access to privileged actions to minimize the risk of exploitation. Avoid using the channel password change feature until the issue is resolved.