Last month a new bug have been found in IRCu family IRCd’s which can be exploited leading to a crashing server.
In this post on Milw0rm the bug and exploit is explained. IRCu (<= 126.96.36.199) and many derivatives are affected.
IRC-Junkie asked Slug, who found the bug and described it on Milw0rm, how he found the bug. “Core dump from one of our servers,” Slug starts. “send_user_mode in s_user.c does not check that the argument after a +r mode is present, if it is not than the NULL sentinel may be missed, causing the function to iterate over the boundary of the array.”
One way to exploit the bug would be using the command with string /mode nickname i i i i i i i i i i i i i i i r r r r s. Doing so would core the server.
Only cure is to upgrade to the latest version of the IRCd with fix for this exploit.