
Re: [Full-disclosure] eggdrop/windrop remote crash vulnerability



Hi,
* Thomas Sader <thommey@xxxxxxxxx> [2009-05-15 11:52]:
> Affected software
> -----------------
> 
> eggdrop (1.6.19 only, not 1.6.19+ctcpfix)
> windrop (1.6.19 only, not 1.6.19+ctcpfix)
> all eggdrop/windrop versions and packages which apply Nico Golde's
> patch for CVE-2007-2807/SA25276 (see [1])
> 
> Vulnerability details
> ---------------------
> 
> The SA25276 patch ([1]) uses strncpy to fix a buffer overflow vulnerability
> in src/mod/server.mod/servmsg.c (gotmsg). The last argument is not checked
> for being non-negative, but that can happen if ctcpbuf is "". That causes
> a remote crash vulnerability to be exploited by anyone connected to the same
> IRC network as eggdrop. The SA25276 patch has been applied to the
> eggdrop1.6.18 debian package and was later adopted by Eggheads into
> eggdrop1.6.19.

Dang, nice find.

Cheers
Nico
-- 
Nico Golde - JAB: nion@xxxxxxxxxxxxx | GPG: 0x73647CFF
Forget about that mouse with 3/4/5 buttons -
gimme a keyboard with 103/104/105 keys!

Attachment: pgpZlwuprGWvy.pgp
Description: PGP signature
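The length underflow the quoted advisory describes, as an added illustration in C (this is not eggdrop's code and not part of the original thread). It assumes the length handed to strncpy() was derived as strlen(ctcpbuf) - 1 to drop a trailing byte (an assumption; the exact expression in servmsg.c is not quoted above). Because strlen() returns size_t, subtracting 1 from 0 wraps to SIZE_MAX rather than going negative, so the "non-negative" check the advisory asks for has to happen on the length before the subtraction. The unchecked variant only computes the length it would pass (it never performs the copy); the hardened variant rejects an empty buffer and bounds the copy by the destination size.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Assumed shape of the original length computation: strip one trailing
 * byte from ctcpbuf.  With ctcpbuf == "" this is 0 - 1 in size_t, which
 * wraps to SIZE_MAX; strncpy() would then copy far past any buffer.
 * Returns the value that would have been passed, without copying. */
size_t unchecked_copy_len(const char *ctcpbuf) {
    return strlen(ctcpbuf) - 1;
}

/* Hardened replacement: refuse the empty string before subtracting, and
 * bound the copy by the destination size so a long CTCP cannot overflow
 * either.  Returns bytes copied, or -1 if the input was rejected. */
int safe_ctcp_copy(char *dst, size_t dstsz, const char *ctcpbuf) {
    size_t len = strlen(ctcpbuf);
    if (len == 0 || dstsz == 0)
        return -1;                 /* the case that crashed the bot */
    len -= 1;                      /* strip trailing byte, now safe */
    if (len >= dstsz)
        len = dstsz - 1;           /* leave room for the terminator */
    memcpy(dst, ctcpbuf, len);
    dst[len] = '\0';
    return (int)len;
}

int main(void) {
    char dst[64];
    /* Constructed inputs: an empty CTCP payload and a normal one. */
    printf("empty ctcpbuf -> unchecked length %zu\n", unchecked_copy_len(""));
    int n = safe_ctcp_copy(dst, sizeof dst, "VERSION\001");
    printf("\"VERSION\\001\" -> copied %d bytes: \"%s\"\n", n, dst);
    printf("empty ctcpbuf -> safe copy returns %d\n",
           safe_ctcp_copy(dst, sizeof dst, ""));
    return 0;
}
```

The important point for reviewers of similar patches is that a size_t length can never be negative, so a "non-negative" check written after the subtraction is a no-op; the test must be on the pre-subtraction length (or the buffer's first byte), as the ctcpfix releases do.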

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/