Vulners
Lucene search
Eggdrop/Windrop 1.6.19 - ctcpbuf Remote Crash
| Reporter | Title | Published | Views | Family All 58 |
|---|---|---|---|---|
 | Eggdrop/Windrop 1.6.19 ctcpbuf Remote Crash Vulnerability | 15 May 200900:00 | – | zdt |
 | Security fix for the ALT Linux 6 package eggdrop version 1.6.18-alt2 | 20 Sep 200700:00 | – | altlinux |
| Security fix for the ALT Linux 6 package eggdrop version 1.6.19-alt2 | 18 May 200900:00 | – | altlinux |
 | CVE-2007-2807 | 22 May 200719:00 | – | cve |
 | CVE-2007-2807 | 22 May 200719:00 | – | cvelist |
 | [SECURITY] [DSA 1448-1] New eggdrop packages fix arbitrary code execution | 5 Jan 200814:52 | – | debian |
| [SECURITY] [DSA 1448-1] New eggdrop packages fix execution of arbitrary code | 5 Jan 200815:11 | – | debian |
| [SECURITY] [DSA 1826-1] New eggdrop packages fix several vulnerabilities | 4 Jul 200902:53 | – | debian |
 | CVE-2007-2807 | 22 May 200719:00 | – | debiancve |
 | Debian DSA-1448-1 : eggdrop - buffer overflow | 7 Jan 200800:00 | – | nessus |
10
eggdrop/windrop remote crash vulnerability
* This message: [ Message body ] [ More options ]
* Related messages: [ Next message ] [ Previous message ] [ Next in thread ] [ Replies ]
From: Thomas Sader <thommey_at_gmail.com>
Date: Fri, 15 May 2009 05:54:08 +0200
Affected software
-----------------
eggdrop (1.6.19 only, not 1.6.19+ctcpfix)
windrop (1.6.19 only, not 1.6.19+ctcpfix)
all eggdrop/windrop versions and packages which apply Nico Goldes
patch for CVE-2007-2807/SA25276 See: [1]
Vulnerability details
---------------------
The SA25276 patch ([1]) uses strncpy to fix a buffer overflow vulnerability
in src/mod/server.mod/servmsg.c (gotmsg). The last argument is not checked
for being non-negative, but that can happen if ctcpbuf is "". That causes
a remote crash vulnerability to be exploited by anyone connected to the same
IRC network as eggdrop. The SA25276 patch has been applied to the eggdrop1.6.18
debian package and was later adopted by Eggheads into eggdrop1.6.19.
One possible exploit anyone can send to the IRC server to crash eggdrop:
PRIVMSG eggdrop :\1\1
Resolution
----------
Upgrade to eggdrop/windrop 1.6.19+ctcpfix ([2],[3]), the current cvs versions,
or apply the ctcpfix patch at [2] before compiling.
Disclosure timeline
-------------------
2009-05-06: Vulnerability discovered and reported to Eggheads.
2009-05-06: Patch committed to cvs.
2009-05-14: New eggdrop and windrop version released with the fix applied.
2009-05-14: Public disclosure.
References
----------
[1] http://bugzilla.eggheads.org/show_bug.cgi?id=462
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427157
https://www.securityfocus.com/bid/24070
http://secunia.com/advisories/25276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2807
[2] http://www.eggheads.org/downloads/
[3] http://windrop.sourceforge.net/downloads.html
---
Thomas Sader (thommey)
# milw0rm.com [2009-05-15]Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
15 May 2009 00:00Current
7High risk
Vulners AI Score7
CVSS 26.8
EPSS0.23073