CVE-2005-1640

mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not properly verify whether a host has the owner privileges required to delete IRC channel access entries, which allows remote attackers to bypass intended restrictions.

Published: May 17, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-1640
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
the_ignition_project / ignitionserver	0.3.5	0.3.5.x
the_ignition_project / ignitionserver	0.3.4	0.3.4.x
the_ignition_project / ignitionserver	0.3.2	0.3.2.x
the_ignition_project / ignitionserver	0.3.0	0.3.0.x
the_ignition_project / ignitionserver	0.3.3	0.3.3.x
the_ignition_project / ignitionserver	0.3.6	0.3.6.x
the_ignition_project / ignitionserver	0.3.1	0.3.1.x

http://secunia.com/advisories/15388
http://www.ignition-project.com/security/20050414-hosts-delete-owner-access-entries

Vulnerability Database

CVE-2005-1640

Deep Security Visibility Without the Complexity