CVE-2009-4652 - Vulnerability Details - OpenCVE

The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOTD command from another server in the same IRC network, possibly related to an array index error.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ngircd	Ngircd

Configuration 1 [-]

OR	cpe:2.3:a:ngircd:ngircd:13:::::::*
	cpe:2.3:a:ngircd:ngircd:14:::::::*

No data.

References

Link	Providers
http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=blobdiff%3Bf=src/ngircd/conn.c%3Bh=c6095a31c613bc5ca127d55b8723e15b836f1cca%3Bhp=9752a6191c7e2da5b0df64779e9cc28ad1e6241c%3Bhb=627b0b713c52406e50c84bb9459e7794262920a2%3Bhpb=95428a72ffb5214826b61d5e77f860e7ef6a6c9e
http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=commit%3Bh=627b0b713c52406e50c84bb9459e7794262920a2
http://ngircd.barton.de/doc/ChangeLog
http://ngircd.barton.de/doc/NEWS
http://secunia.com/advisories/37343
http://www.securityfocus.com/bid/37021
http://www.vupen.com/english/advisories/2009/3240
https://exchange.xforce.ibmcloud.com/vulnerabilities/54272

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-02-26T18:09:00

Updated: 2024-08-07T07:08:37.994Z

Reserved: 2010-02-26T00:00:00

Link: CVE-2009-4652

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-02-26T18:30:00.320

Modified: 2025-04-11T00:51:21.963

Link: CVE-2009-4652

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-05-05T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOTD command from another server in the same IRC network, possibly related to an array index error."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=blobdiff%3Bf=src/ngircd/conn.c%3Bh=c6095a31c613bc5ca127d55b8723e15b836f1cca%3Bhp=9752a6191c7e2da5b0df64779e9cc28ad1e6241c%3Bhb=627b0b713c52406e50c84bb9459e7794262920a2%3Bhpb=95428a72ffb5214826b61d5e77f860e7ef6a6c9e"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://ngircd.barton.de/doc/ChangeLog"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=commit%3Bh=627b0b713c52406e50c84bb9459e7794262920a2"}, {"name": "37021", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/37021"}, {"name": "ADV-2009-3240", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3240"}, {"name": "37343", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37343"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://ngircd.barton.de/doc/NEWS"}, {"name": "ngircd-ssltls-dos(54272)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54272"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4652", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOTD command from another server in the same IRC network, possibly related to an array index error."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git;a=blobdiff;f=src/ngircd/conn.c;h=c6095a31c613bc5ca127d55b8723e15b836f1cca;hp=9752a6191c7e2da5b0df64779e9cc28ad1e6241c;hb=627b0b713c52406e50c84bb9459e7794262920a2;hpb=95428a72ffb5214826b61d5e77f860e7ef6a6c9e", "refsource": "MISC", "url": "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git;a=blobdiff;f=src/ngircd/conn.c;h=c6095a31c613bc5ca127d55b8723e15b836f1cca;hp=9752a6191c7e2da5b0df64779e9cc28ad1e6241c;hb=627b0b713c52406e50c84bb9459e7794262920a2;hpb=95428a72ffb5214826b61d5e77f860e7ef6a6c9e"}, {"name": "http://ngircd.barton.de/doc/ChangeLog", "refsource": "CONFIRM", "url": "http://ngircd.barton.de/doc/ChangeLog"}, {"name": "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git;a=commit;h=627b0b713c52406e50c84bb9459e7794262920a2", "refsource": "CONFIRM", "url": "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git;a=commit;h=627b0b713c52406e50c84bb9459e7794262920a2"}, {"name": "37021", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37021"}, {"name": "ADV-2009-3240", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3240"}, {"name": "37343", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37343"}, {"name": "http://ngircd.barton.de/doc/NEWS", "refsource": "CONFIRM", "url": "http://ngircd.barton.de/doc/NEWS"}, {"name": "ngircd-ssltls-dos(54272)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54272"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:08:37.994Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=blobdiff%3Bf=src/ngircd/conn.c%3Bh=c6095a31c613bc5ca127d55b8723e15b836f1cca%3Bhp=9752a6191c7e2da5b0df64779e9cc28ad1e6241c%3Bhb=627b0b713c52406e50c84bb9459e7794262920a2%3Bhpb=95428a72ffb5214826b61d5e77f860e7ef6a6c9e"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://ngircd.barton.de/doc/ChangeLog"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=commit%3Bh=627b0b713c52406e50c84bb9459e7794262920a2"}, {"name": "37021", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/37021"}, {"name": "ADV-2009-3240", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3240"}, {"name": "37343", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37343"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://ngircd.barton.de/doc/NEWS"}, {"name": "ngircd-ssltls-dos(54272)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54272"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4652", "datePublished": "2010-02-26T18:09:00", "dateReserved": "2010-02-26T00:00:00", "dateUpdated": "2024-08-07T07:08:37.994Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ngircd:ngircd:13:*:*:*:*:*:*:*", "matchCriteriaId": "91E6DDA7-722D-4AA4-8908-5421DEF9BBD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ngircd:ngircd:14:*:*:*:*:*:*:*", "matchCriteriaId": "FCDDA388-DDD4-4740-B493-A1E6EAA5A58A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOTD command from another server in the same IRC network, possibly related to an array index error."}, {"lang": "es", "value": "Las funciones (1) Conn_GetCipherInfo y (2) Conn_UsesSSL en src/ngircd/conn.c en ngIRCd 13 y 14, cuando el soporte SSL/TLS est\u00e1 presente y activado el modo \"standalone\", permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) fijando el comando MOTD desde otro servidor en la misma red IRC, posiblemente relativo a un error en la indexaci\u00f3n del array."}], "id": "CVE-2009-4652", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-02-26T18:30:00.320", "references": [{"source": "cve@mitre.org", "url": "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=blobdiff%3Bf=src/ngircd/conn.c%3Bh=c6095a31c613bc5ca127d55b8723e15b836f1cca%3Bhp=9752a6191c7e2da5b0df64779e9cc28ad1e6241c%3Bhb=627b0b713c52406e50c84bb9459e7794262920a2%3Bhpb=95428a72ffb5214826b61d5e77f860e7ef6a6c9e"}, {"source": "cve@mitre.org", "url": "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=commit%3Bh=627b0b713c52406e50c84bb9459e7794262920a2"}, {"source": "cve@mitre.org", "url": "http://ngircd.barton.de/doc/ChangeLog"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://ngircd.barton.de/doc/NEWS"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37343"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/37021"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3240"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54272"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=blobdiff%3Bf=src/ngircd/conn.c%3Bh=c6095a31c613bc5ca127d55b8723e15b836f1cca%3Bhp=9752a6191c7e2da5b0df64779e9cc28ad1e6241c%3Bhb=627b0b713c52406e50c84bb9459e7794262920a2%3Bhpb=95428a72ffb5214826b61d5e77f860e7ef6a6c9e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=commit%3Bh=627b0b713c52406e50c84bb9459e7794262920a2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ngircd.barton.de/doc/ChangeLog"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://ngircd.barton.de/doc/NEWS"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37343"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/37021"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3240"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54272"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}