CVE-2007-4407

Name of the Vulnerable Software and Affected Versions ircu versions 2.10.12.03 through 2.10.12.04

Description The issue allows remote attackers to set or remove certain channel modes via a "netriding" attack or take over a channel by joining an unlinked server with the A/Upass and then setting a new Apass, due to the lack of a timestamp association with ops privilege on an unused channel.

Recommendations For versions 2.10.12.03 and 2.10.12.04, consider restricting access to unused channels to prevent exploitation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.