CVE-2007-4411

Name of the Vulnerable Software and Affected Versions ircu versions 2.10.12.05 and earlier

Description The issue allows remote attackers to discover the hidden IP address of arbitrary +x users. This can be achieved via a series of /silence commands with specific arguments, such as (1) CIDR mask arguments or (2) certain other arguments that represent groups of IP addresses, and then monitoring CTCP ping replies.

Recommendations For ircu versions 2.10.12.05 and earlier, consider restricting or disabling the use of the /silence command with CIDR mask arguments or certain other group-representing arguments until a fix is available. Additionally, limiting the ability to monitor CTCP ping replies may help minimize the risk of exploitation.