CVE-2009-4652

Name of the Vulnerable Software and Affected Versions ngIRCd versions 13 through 14

Description The issue allows remote attackers to cause a denial of service, resulting in an application crash. This can be achieved by sending the MOTD command from another server in the same IRC network when SSL/TLS support is present and standalone mode is disabled. The problem is possibly related to an array index error in the Conn GetCipherInfo and Conn UsesSSL functions.

Recommendations For ngIRCd versions 13 through 14, consider disabling SSL/TLS support or enabling standalone mode as a temporary workaround to prevent the denial of service. Restrict access to the MOTD command from other servers in the IRC network to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.