[ircd-ratbox] ircd-ratbox-3.0.8 released(urgent security update)

Jilles Tjoelker jilles at stack.nl
Mon Dec 31 17:21:25 EST 2012


On Mon, Dec 31, 2012 at 05:01:07PM -0500, androsyn wrote:
> Well this is an embarrassing release for certain, turns out there was a
> nasty little bug in the CAPAB handling code that allows for a remote
> attacker to crash the ircd.  With that said, all admins are urged to
> upgrade to ircd-ratbox-3.0.8 immediately.  See the link below for further
> details, the link mentions Charybdis but really this impacts all ircd-ratbox
> derived ircds.  

> http://www.ratbox.org/ASA-2012-12-31.txt

> If you happen to be running a vunerable server and for whatever reason
> cannot upgrade immediately, a /quote modunload m_capab.so should mitigate
> the effects of the bug.

If you do this, note that making a new server link will then either fail
entirely or create a link that will not work properly. Caveat emptor.

-- 
Jilles Tjoelker


More information about the ircd-ratbox mailing list