Risk | High |
Patch available | YES |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2018-7054 CVE-2018-7053 CVE-2018-7050 CVE-2018-7051 |
CWE-ID | CWE-416 CWE-476 CWE-787 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Slackware Linux Operating systems & Components / Operating system |
Vendor | Slackware |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU10609
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-7054
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness is due to a use-after-free when server is disconnected during netsplits. A remote attacker can trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected package irssi.
Vulnerable software versionsSlackware Linux: 14.0 - 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.437110
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU10608
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-7053
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a use-after-free when SASL messages are received in unexpected order. A remote attacker can use a non-conforming ircd, trigger memory corruption and execute arbitrary code on the system.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected package irssi.
Vulnerable software versionsSlackware Linux: 14.0 - 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.437110
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU10606
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-7050
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to a NULL pointer dereference when an "empty" nick has been observed. A remote attacker can use a broken ircd or control over the ircde and cause the service to crash.
Update the affected package irssi.
Vulnerable software versionsSlackware Linux: 14.0 - 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.437110
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU10599
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-7051
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to an out-of-bounds write error when printing theme strings. A remote attacker can execute arbitrary code on the system.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected package irssi.
Vulnerable software versionsSlackware Linux: 14.0 - 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.437110
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.