Test ID:	1.3.6.1.4.1.25623.1.0.66819
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: ircd-ratbox
Summary:	The remote host is missing an update to the system; as announced in the referenced advisory.
Description:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: ircd-ratbox ircd-ratbox-devel CVE-2009-4016 Integer underflow in the clean_string function in irc_string.c in (1) IRCD-hybrid 7.2.2 and 7.2.3, (2) ircd-ratbox before 2.2.9, and (3) oftc-hybrid before 1.6.8, when flatten_links is disabled, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a LINKS command. CVE-2010-0300 cache.c in ircd-ratbox before 2.2.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a HELP command. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4016 BugTraq ID: 37978 http://www.securityfocus.com/bid/37978 Debian Security Information: DSA-1980 (Google Search) http://www.debian.org/security/2010/dsa-1980 http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html http://secunia.com/advisories/38210 http://secunia.com/advisories/38381 http://secunia.com/advisories/38382 http://secunia.com/advisories/38383 Common Vulnerability Exposure (CVE) ID: CVE-2010-0300 38210 38383 DSA-1980 [ircd-ratbox] 20100125 ircd-ratbox-2.2.9 released http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1.diff.gz
Copyright	Copyright (C) 2010 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.