CVE-2016-7144

HIGH

UnrealIRCd < 3.2.10.7 and 4.x < 4.0.6 - Authentication Bypass via SASL AUTHENTICATE Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-7144. PoCs published by Huyn-coder.

AI-analyzed exploit summary: This exploit targets CVE-2016-7144, a buffer overflow vulnerability in the SASL authentication mechanism of an IRC server. It sends a malicious payload during the AUTHENTICATE phase to trigger a DoS or potential crash.

Description

The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.

Exploits (1)

nomisec WORKING POC
by Huyn-coder · poc
https://github.com/Huyn-coder/CVE-2016-7144-IDPS

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: IRC server (specific version not specified)
No auth needed
Prerequisites: Network access to the target IRC server · IRC server with SASL authentication enabled
devstral-2 · analyzed Feb 19, 2026

References (5)

Vendor Advisory x_refsource_confirm
https://forums.unrealircd.org/viewtopic.php?f=1&t=8588
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92763
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/09/05/8
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/09/04/3

Scores

CVSS v3 8.1
EPSS 0.0127
EPSS Percentile 66.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-287
Status: published
Products (8)
unrealircd/unrealircd 4.0.0
unrealircd/unrealircd 4.0.1
unrealircd/unrealircd 4.0.2
unrealircd/unrealircd 4.0.3
unrealircd/unrealircd 4.0.3.1
unrealircd/unrealircd 4.0.4
unrealircd/unrealircd 4.0.5
unrealircd/unrealircd < 3.2.10.5
Published Jan 18, 2017
Tracked Since Feb 18, 2026