FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

atheme-services -- multiple vulnerabilities

Affected packages
atheme-services < 7.2.7

Details

VuXML ID: e47ab5db-c333-11e6-ae1b-002590263bf5
Discovery: 2016-01-09
Entry: 2016-12-16

Mitre reports:

modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.

Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.

References

CVE Name: CVE-2014-9773
CVE Name: CVE-2016-4478
FreeBSD PR: ports/209217
URL: https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e
URL: https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b