ngIRCd: Buffer overflow

2005-01-28T00:00:00
ID GLSA-200501-40
Type gentoo
Reporter Gentoo Foundation
Modified 2006-05-22T00:00:00

Description

Background

ngIRCd is a free open source daemon for Internet Relay Chat (IRC).

Description

Florian Westphal discovered a buffer overflow caused by an integer underflow in the Lists_MakeMask() function of lists.c.

Impact

A remote attacker can exploit this buffer overflow to crash the ngIRCd daemon and possibly execute arbitrary code with the rights of the ngIRCd daemon process.

Workaround

There is no known workaround at this time.

Resolution

All ngIRCd users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-irc/ngIRCd-0.8.2"