PT-2005-2617 · Ignition · Ignitionserver
Published
2005-05-17
·
Updated
2008-09-05
·
CVE-2005-1640
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
The Ignition Project ignitionServer versions 0.3.0 through 0.3.6
Description
The issue concerns a problem with verifying owner privileges for deleting IRC channel access entries. This allows remote attackers to bypass intended restrictions.
Recommendations
For versions 0.3.0 through 0.3.6, consider restricting access to the mod channel.bas module to minimize the risk of exploitation until a proper fix is applied.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ignitionserver