ngircd -- format string vulnerability

ID BC4A7EFA-7D9A-11D9-A9E7-0001020EED82
Type freebsd
Reporter FreeBSD
Modified 2005-02-03T00:00:00


A No System Group security advisory reports that ngircd is vulnerable to a format string vulnerability in the Log_Resolver() function of log.c, if IDENT support is enabled. This could allow a remote attacker to execute arbitrary code with the permissions of the ngircd daemon, which is root by default. Note: By default the FreeBSD ngircd port does not enable IDENT support.