CVE-2007-4404

Name of the Vulnerable Software and Affected Versions ircu version 2.10.12.01

Description The issue allows remote attackers to cause a denial of service in two ways: by joining two channels with certain long names that differ in the final character, which triggers a protocol violation and results in a flood of wallops, and by sending a "J 0:#channel" message on a channel without an apass, which causes the daemon to crash. Additionally, remote authenticated operators can cause a denial of service by issuing a remote "names -D" command, leading to a daemon crash.

Recommendations For ircu version 2.10.12.01, consider restricting access to the names command and limiting the ability to join channels with long names to prevent exploitation until a patch is available. As a temporary workaround, restrict the use of the "J 0:#channel" message on channels without an apass to minimize the risk of daemon crash.