Hi,
* Thomas Sader <thommey@xxxxxxxxx> [2009-05-15 11:52]:
> Affected software
> -----------------
>
> eggdrop (1.6.19 only, not 1.6.19+ctcpfix)
> windrop (1.6.19 only, not 1.6.19+ctcpfix)
> all eggdrop/windrop versions and packages which apply Nico Golde's
> patch for CVE-2007-2807/SA25276 See: [1]
>
> Vulnerability details
> ---------------------
>
> The SA25276 patch ([1]) uses strncpy to fix a buffer overflow vulnerability
> in src/mod/server.mod/servmsg.c (gotmsg). The last argument is not checked
> for being non-negative, but that can happen if ctcpbuf is "". That causes
> a remote crash vulnerability to be exploited by anyone connected to the same
> IRC network as eggdrop. The SA25276 patch has been applied to the
> eggdrop1.6.18 Debian package and was later adopted by Eggheads into
> eggdrop1.6.19.

Dang, nice find.

Cheers
Nico
--
Nico Golde - JAB: nion@xxxxxxxxxxxxx | GPG: 0x73647CFF
Forget about that mouse with 3/4/5 buttons - gimme a keyboard with 103/104/105 keys!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
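
The failure mode described in the quoted advisory, as an added example that is not eggdrop's code or the SA25276 patch: it assumes, hypothetically, that the copy length is derived as strlen(ctcpbuf) - 1 (the post does not show the expression), and puts the count strncpy would receive for an empty ctcpbuf beside a copy that rejects it. The names body_len, as_strncpy_count and copy_body are invented for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed (hypothetical) length computation: drop one trailing delimiter
 * byte from the CTCP buffer. For "" this evaluates to -1. */
static long body_len(const char *ctcpbuf) {
    return (long)strlen(ctcpbuf) - 1;
}

/* strncpy takes its count as size_t, so a negative length passed
 * unchecked is converted to a huge unsigned value. */
static size_t as_strncpy_count(long n) {
    return (size_t)n;
}

/* Hardened copy: reject negative or oversized lengths before copying and
 * always terminate. Returns bytes copied, or -1 if the input is rejected. */
static long copy_body(char *dst, size_t dstsz, const char *ctcpbuf) {
    long n = body_len(ctcpbuf);
    if (dstsz == 0 || n < 0 || (size_t)n >= dstsz)
        return -1;
    memcpy(dst, ctcpbuf, (size_t)n);
    dst[n] = '\0';
    return n;
}

int main(void) {
    /* Constructed sample buffers: normal, empty, and too long for dst. */
    const char *samples[] = {
        "VERSION\001", "", "PING 1234567890 1234567890\001"
    };
    char out[16];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long n = body_len(samples[i]);
        long r = copy_body(out, sizeof out, samples[i]);
        printf("len=%ld unchecked_count=%zu hardened=%ld\n",
               n, as_strncpy_count(n), r);
    }
    return 0;
}
```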